Details
-
Suggestion
-
Resolution: Unresolved
Description
Issue Summary
When configuring a remote Elasticsearch instance, xpack.security.enabled must be set to false in elasticsearch.yml. As a result, the user cannot configure the following security features in Elasticsearch:
Security Category | Pattern for Controls | Control Definition | Support Engineer's Verification |
---|---|---|---|
Secure Access | Authentication | Active directory realms must be used for user authentication. (SSO Integration) | Must configure Elastic Stack security features to communicate with Active Directory |
Secure Access | Authorization | Segregation of duties principle must be followed for all administrative roles. | Must configure Elastic Stack security features |
Secure Access | Authorization | Enforce the least privilege principle as defined in the Access Control Standard for Elasticsearch service access. | Must configure Elastic Stack security features |
Secure Access | Authorization | RBAC must be configured to access Elasticsearch. | Require Elasticsearch Security Features for setting up RBAC in Elasticsearch with Kibana (xpack.security.enabled: true) |
Secure Access | Authorization | Only whitelisted IP addresses must be able to access Elasticsearch domains. | Require Elasticsearch Security Features for IP filtering (xpack.security.enabled: true) |
Secure Data | Data Encryption | All nodes must authenticate using TLS certificates as they join the cluster in ElasticSearch | Must configure Elastic Stack security features |
Auditing | Auditing | Auditing must be enabled as per logging and auditing standard | Require Elasticsearch Security Features to enable an audit log (xpack.security.enabled: true) |
If we set xpack.security.enabled: true, the remote Elasticsearch instance is unable to start successfully.
Steps to Reproduce
- Install and configure a remote Elasticsearch following Bitbucket documentation (How to Install and configure a remote Elasticsearch instance)
- Open elasticsearch.yml
- Set xpack.security.enabled: true
- Start Elasticsearch
Expected Results
Elasticsearch can start successfully.
Actual Results
The below exception is thrown in elasticsearch.log:
```
[2019-12-25T19:01:16,167][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [AQY_yNT] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: Cannot have more than one plugin implementing a REST wrapper
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.6.1.jar:6.6.1]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.6.1.jar:6.6.1]
Caused by: java.lang.IllegalArgumentException: Cannot have more than one plugin implementing a REST wrapper
    at org.elasticsearch.action.ActionModule.<init>(ActionModule.java:382) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.node.Node.<init>(Node.java:477) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.node.Node.<init>(Node.java:265) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.6.1.jar:6.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-6.6.1.jar:6.6.1]
    ... 6 more
```
Workaround
Uninstall the Buckler plugin if you want to use the Elastic security features (xpack) instead of Buckler to secure the Elasticsearch server.
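
A preflight check for the conflict described in this issue, written as an added example (not Atlassian's or Elastic's code). It assumes the standard `config/` and `plugins/` layout under the Elasticsearch home and that the plugin descriptor's name is `buckler`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect the Buckler / X-Pack security combination before start-up.
# Assumptions: $ES_HOME/config/elasticsearch.yml, $ES_HOME/plugins/<dir>/plugin-descriptor.properties,
# and a descriptor line "name=buckler" (plugin name is an assumption; pass another as $2).

# Return 0 if the flat setting "xpack.security.enabled: true" is active in file $1.
# Commented-out lines are ignored; the nested YAML form is not parsed.
xpack_security_enabled() {
    grep -Eq '^[[:space:]]*xpack\.security\.enabled[[:space:]]*:[[:space:]]*"?true"?[[:space:]]*(#.*)?$' "$1" 2>/dev/null
}

# Return 0 if a plugin whose descriptor name is $2 exists under plugins directory $1.
plugin_installed() {
    for desc in "$1"/*/plugin-descriptor.properties; do
        [ -f "$desc" ] || continue
        grep -Eq "^name[[:space:]]*=[[:space:]]*$2[[:space:]]*\$" "$desc" && return 0
    done
    return 1
}

# Print a verdict for Elasticsearch home $1; return 1 only for the conflicting combination.
check_es_home() {
    es_home=$1
    plugin=${2:-buckler}
    if xpack_security_enabled "$es_home/config/elasticsearch.yml"; then
        if plugin_installed "$es_home/plugins" "$plugin"; then
            echo "CONFLICT: xpack.security.enabled is true and plugin '$plugin' is installed"
            return 1
        fi
        echo "OK: X-Pack security enabled, '$plugin' not installed"
    elif plugin_installed "$es_home/plugins" "$plugin"; then
        echo "OK: '$plugin' installed, X-Pack security disabled"
    else
        echo "WARNING: neither X-Pack security nor '$plugin' is active"
    fi
    return 0
}

# Check the directory given as the first argument, if any.
if [ -n "$1" ]; then check_es_home "$1"; fi
```

A non-zero exit status means the node has both REST wrappers configured, the combination that produces the start-up exception shown above.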