Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/opendistro-for-elasticsearch/security
https://github.com/opendistro-for-elasticsearch/security
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/opendistro-for-elasticsearch/security
- Owner: opendistro-for-elasticsearch
- License: apache-2.0
- Archived: true
- Created: 2021-04-16T18:23:01.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-04-30T15:27:08.000Z (over 3 years ago)
- Last Synced: 2024-04-12T20:40:04.322Z (7 months ago)
- Language: Java
- Size: 3.41 MB
- Stars: 18
- Watchers: 6
- Forks: 25
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: securityconfig/action_groups.yml
Awesome Lists containing this project
README
[![CI](https://github.com/opendistro-for-elasticsearch/security/workflows/CI/badge.svg?branch=main)](https://github.com/opendistro-for-elasticsearch/security/actions)
[![codecov](https://codecov.io/gh/opendistro-for-elasticsearch/security/branch/main/graph/badge.svg)](https://codecov.io/gh/opendistro-for-elasticsearch/security)# Open Distro for Elasticsearch Security
Open Distro for Elasticsearch Security is an Elasticsearch plugin that offers encryption, authentication, and authorization. When combined with Open Distro for Elasticsearch Security-Advanced Modules, it supports authentication via Active Directory, LDAP, Kerberos, JSON web tokens, SAML, OpenID and more. It includes fine grained role-based access control to indices, documents and fields. It also provides multi-tenancy support in Kibana.
## Features provided by Security
### Encryption:
* Full data in transit encryption
* Node-to-node encryption
* Certificate revocation lists
* Hot Certificate renewal### Authentication:
* Internal user database
* HTTP basic authentication
* PKI authentication
* Proxy authentication
* User Impersonation
* Active Directory / LDAP
* Kerberos / SPNEGO
* JSON web token (JWT)
* OpenID Connect (OIDC)
* SAML### Access control:
* Role-based cluster level access control
* Role-based index level access control
* User-, role- and permission management
* Document-level security
* Field-level security
* REST management API### Audit/Compliance logging:
* Audit logging
* Compliance logging for GDPR, HIPAA, PCI, SOX and ISO compliance### Kibana multi-tenancy
* True Kibana multi-tenancy## Documentation
Please refer to the [technical documentation](https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/) for detailed information on installing and configuring opendistro-elasticsearch-security plugin.
## Quick Start
* Install Elasticsearch
* Install the opendistro-elasticsearch-security plugin for your Elasticsearch version 6.5.4, e.g.:
```
/bin/elasticsearch-plugin install \
-b com.amazon.opendistroforelasticsearch:opendistro_security:0.8.0.0
```* ``cd`` into ``/plugins/opendistro_security/tools``
* Execute ``./install_demo_configuration.sh``, ``chmod`` the script first if necessary. This will generate all required TLS certificates and add the Security Plugin Configuration to your ``elasticsearch.yml`` file.
* Start Elasticsearch
* Test the installation by visiting ``https://localhost:9200``. When prompted, use admin/admin as username and password. This user has full access to the cluster.
* Display information about the currently logged in user by visiting ``https://localhost:9200/_opendistro/_security/authinfo``.
## Test and Build
* Run all tests
```
mvn clean test
```* Build artifacts (zip, deb, rpm)
```
mvn clean package -Padvanced -DskipTests
artifact_zip=`ls $(pwd)/target/releases/opendistro-security-*.zip | grep -v admin-standalone`
./gradlew build buildDeb buildRpm --no-daemon -ParchivePath=$artifact_zip -Dbuild.snapshot=false
```## Config hot reloading
The Security Plugin Configuration is stored in a dedicated index in Elasticsearch itself. Changes to the configuration are pushed to this index via the command line tool. This will trigger a reload of the configuration on all nodes automatically. This has several advantages over configuration via elasticsearch.yml:
* Configuration is stored in a central place
* No configuration files on the nodes necessary
* Configuration changes do not require a restart
* Configuration changes take effect immediately## License
This code is licensed under the Apache 2.0 License.
## Copyright
Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.