@@ -11,38 +11,31 @@ such as encrypting communications, role-based access control, IP filtering, and
1111auditing. For more information, see
1212{stack-ov}/elasticsearch-security.html[Securing the {stack}].
1313
14- To use {es} {security-features}:
15-
16- . Verify that you are using a license that includes the {security-features}.
14+ . Verify that you are using a license that includes the specific
15+ {security-features} you want.
1716+
1817--
19- If you want to try all of the platinum features, you can start a 30-day trial.
20- At the end of the trial period, you can purchase a subscription to keep using
21- the full functionality. For more information, see
22- https://www.elastic.co/subscriptions and
23- {stack-ov}/license-management.html[License Management].
18+ For more information, see https://www.elastic.co/subscriptions and
19+ {stack-ov}/license-management.html[License management].
2420--
2521
2622. Verify that the `xpack.security.enabled` setting is `true` on each node in
27- your cluster. If you are using a trial license , the default value is `false`.
28- For more information, see {ref}/security-settings.html[Security Settings in {es}].
23+ your cluster. If you are using basic or trial licenses , the default value is `false`.
24+ For more information, see {ref}/security-settings.html[Security settings in {es}].
2925
3026. If you plan to run {es} in a Federal Information Processing Standard (FIPS)
3127140-2 enabled JVM, see <<fips-140-compliance>>.
3228
33- . Configure Transport Layer Security (TLS/SSL) for internode-communication.
29+ . <<configuring-tls, Configure Transport Layer Security (TLS/SSL) for internode-communication>> .
3430+
3531--
3632NOTE: This requirement applies to clusters with more than one node and to
3733clusters with a single node that listens on an external interface. Single-node
3834clusters that use a loopback interface do not have this requirement. For more
3935information, see
40- {stack-ov}/encrypting-communications.html[Encrypting Communications ].
36+ {stack-ov}/encrypting-communications.html[Encrypting communications ].
4137
4238--
43- .. <<node-certificates,Generate node certificates for each of your {es} nodes>>.
44-
45- .. <<tls-transport, Enable TLS on each {es} node>>.
4639
4740. If it is not already running, start {es}.
4841
@@ -72,14 +65,20 @@ user API.
7265
7366--
7467
75- . Choose which types of realms you want to use to authenticate users.
76- ** <<configuring-ad-realm,Configure an Active Directory realm>>.
77- ** <<configuring-file-realm,Configure a file realm>>.
78- ** <<configuring-ldap-realm,Configure an LDAP realm>>.
79- ** <<configuring-native-realm,Configure a native realm>>.
80- ** <<configuring-pki-realm,Configure a PKI realm>>.
81- ** <<configuring-saml-realm,Configure a SAML realm>>.
82- ** <<configuring-kerberos-realm,Configure a Kerberos realm>>.
68+ . Choose which types of realms you want to use to authenticate users.
69+ +
70+ --
71+ TIP: The types of authentication realms that you can enable varies according to
72+ your subscription. For more information, see https://www.elastic.co/subscriptions.
73+
74+ --
75+ ** <<configuring-ad-realm,Active Directory realms>>
76+ ** <<configuring-file-realm,File realms>>
77+ ** <<configuring-kerberos-realm,Kerberos realms>>
78+ ** <<configuring-ldap-realm,LDAP realms>>
79+ ** <<configuring-native-realm,Native realms>>
80+ ** <<configuring-pki-realm,PKI realms>>
81+ ** <<configuring-saml-realm,SAML realms>>
8382
8483. Set up roles and users to control access to {es}.
8584+
@@ -114,10 +113,13 @@ curl -XPOST -u elastic 'localhost:9200/_security/user/johndoe' -H "Content-Type:
114113// NOTCONSOLE
115114--
116115
117- . [[enable-auditing]]Enable auditing to keep track of attempted and successful interactions with
118- your {es} cluster:
116+ . [[enable-auditing]](Optional) Enable auditing to keep track of attempted and
117+ successful interactions with your {es} cluster:
119118+
120119--
120+ TIP: Audit logging is available with specific subscriptions. For more
121+ information, see https://www.elastic.co/subscriptions.
122+
121123.. Add the following setting to `elasticsearch.yml` on all nodes in your cluster:
122124+
123125[source,yaml]
@@ -134,6 +136,9 @@ Events are logged to a dedicated `<clustername>_audit.json` file in
134136`ES_HOME/logs`, on each cluster node.
135137--
136138
139+ To walk through the configuration of {security-features} in {es}, {kib}, {ls}, and {metricbeat}, see
140+ {stack-ov}/security-getting-started.html[Getting started with security].
141+
137142:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/securing-elasticsearch.asciidoc
138143include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
139144
0 commit comments