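Enabling and Disabling
Enabling and Disabling X-Pack Features
By default, all X-Pack features are enabled. You can enable or disable specific X-Pack features in the elasticsearch.yml, kibana.yml, and logstash.yml configuration files.
Setting Description
xpack.graph.enabled Set to false to disable X-Pack graph features.
xpack.ml.enabled Set to false to disable X-Pack machine learning features.
xpack.monitoring.enabled Set to false to disable X-Pack monitoring features.
xpack.reporting.enabled Set to false to disable X-Pack reporting features.
xpack.security.enabled Set to false to disable X-Pack security features.
xpack.watcher.enabled Set to false to disable Watcher.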
Run bin/kibana-plugin in your Kibana installation directory.
bin/kibana-plugin install x-pack
The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.
bin/kibana-plugin install file:///path/to/file/x-pack-6.2.4.zip
The Kibana server needs to be able to write to files in the optimize directory. If you’re using sudo or su, run the plugin installation as the built-in kibana user. For example:
sudo -u kibana bin/kibana-plugin install x-pack
For more information, see Installing Plugins.
Passwords
That is:
bin/x-pack/setup-passwords auto
To specify the passwords yourself, run:
bin/x-pack/setup-passwords interactive
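You can also manage passwords from a shell:
Change the password of the elastic user:
curl -XPUT -u elastic -H 'Content-Type: application/json' 'localhost:9200/_xpack/security/user/elastic/_password' -d '{
"password" : "123456"
}'
Change the password of the kibana user:
curl -XPUT -u elastic -H 'Content-Type: application/json' 'localhost:9200/_xpack/security/user/kibana/_password' -d '{
"password" : "123456"
}'
Create user groups and roles, and create the users that belong to them
Example: create the beats_admin user group (role), which has the all privilege on filebeat* and the manage, read, and index privileges on .kibana*
curl -XPOST -u elastic -H 'Content-Type: application/json' 'localhost:9200/_xpack/security/role/beats_admin' -d '{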
"indices" : [
{
"names" : [ "filebeat*" ],
"privileges" : [ "all" ]
},
{
"names" : [ ".kibana*" ],
"privileges" : [ "manage", "read", "index" ]
}
]
}'
Create the user jockbeat with the password jockbeat
curl -XPOST -u elastic -H 'Content-Type: application/json' 'localhost:9200/_xpack/security/user/jockbeat' -d '{
"password" : "jockbeat",
"full_name" : "jock beat",
"email" : "john.doe@anony.mous",
"roles" : [ "beats_admin" ]
}'
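1. Unzip x-pack-6.2.3.zip, go into the elasticsearch directory, and find x-pack-core-6.2.3.jar. If the x-pack plugin is already installed, the jar can be found under elasticsearch-6.2.3/plugins/x-pack/x-pack-core/
2. Unpack the jar, then find the following two class files and decompile them with luyten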
org/elasticsearch/license/LicenseVerifier.class
org/elasticsearch/xpack/core/XPackBuild.class
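3. Copy the decompiled Java code into your own IDE and create packages with the same names (you can also create the following two files directly and skip step 2)
(1) LicenseVerifier has two static methods; these are the methods that verify whether the license file is valid. We change both of them to return true.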
# cat LicenseVerifier.java
package org.elasticsearch.license;
import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
(2) In XPackBuild, delete the entire try part of the last static block; this part verifies whether the jar has been modified
# cat XPackBuild.java
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;
public class XPackBuild
{
public static final XPackBuild CURRENT;
private String shortHash;
private String date;
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
}
catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
XPackBuild(final String shortHash, final String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return this.shortHash;
}
public String date() {
return this.date;
}
static {
final Path path = getElasticsearchCodebase();
String shortHash = null;
String date = null;
Label_0157: {
shortHash = "Unknown";
date = "Unknown";
}
CURRENT = new XPackBuild(shortHash, date);
}
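}
4. Compile these two files
We do not need to compile the whole project, only these two files, so the dependencies have to be added to the classpath. The dependencies also differ from before: previously only the x-pack jar itself was needed; now the jars under the lib directory of elasticsearch 6.2.3 and x-pack-core-6.2.3.jar itself have to be included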
javac -cp "/usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-6.2.3.jar:/usr/local/elk/elasticsearch-6.2.3/lib/lucene-core-7.2.1.jar:/usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/x-pack-core-6.2.3.jar" LicenseVerifier.java
javac -cp "/usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-6.2.3.jar:/usr/local/elk/elasticsearch-6.2.3/lib/lucene-core-7.2.1.jar:/usr/local/elk/elasticsearch-6.2.3/plugins/x-pack/x-pack-core/x-pack-core-6.2.3.jar:/usr/local/elk/elasticsearch-6.2.3/lib/elasticsearch-core-6.2.3.jar" XPackBuild.java
5. Replace the original class files with the two recompiled class files, then repackage the jar
jar -cvf x-pack-core-6.2.3.jar ./*
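6. Replace the original jar under elasticsearch-6.2.3/plugins/x-pack/x-pack-core/ with the cracked x-pack-core-6.2.3.jar.
7. Update the license:
Apply for a free license on the official website; a download link is sent to you by e-mail.
Rename the downloaded file to license.json and make the following changes:
"type":"platinum" # Platinum edition
"expiry_date_in_millis":2524579200999 # expiry date: year 2050
Alternatively, upload the license file to the server and import it with a command: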
curl -XPUT -u elastic 'http://192.168.20.101:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
or
curl -XPUT -u elastic 'http://192.168.20.60:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
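Note:
Security is enabled by default in elasticsearch 6.2.4; we temporarily modify the configuration file to make it easier to import our own file
Add the following setting to elasticsearch.yml
xpack.security.enabled: false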
