Gremlin Server security settings

How to generate the Gremlin Server security. I have checked the Siren documentation but could not find any. Any suggestions? Thanks

Hi,
the gremlin server certificate is a node certificate in a jks format.
If you’re running elasticsearch+security (SSL) on the same server where you have Siren Investigate, you can check your elasticsearch.yml and see which parameter you have:

  1. searchguard.ssl.http.keystore_filepath
  2. searchguard.ssl.http.pemcert_filepath

If you have the first one (searchguard.ssl.http.keystore_filepath), you can use the same jks as certificate for gremlin.
If you have the second one (searchguard.ssl.http.pemcert_filepath), you can generate your jks using the two steps below:

  1. openssl pkcs12 -export -inkey YOUR_KEY.key -in YOUR_PEM.pem -name gremlin -out gremlin.p12
  2. keytool -importkeystore -srckeystore gremlin.p12 -srcstoretype pkcs12 -destkeystore gremlin.jks

In both cases, you have to change the gremlin_server.url parameter (in investigate.yml), matching the right IP/Name used in the certificate.

Let us know if you have any question.

1 Like

Thx. I will try this…

I ran into an issue. The steps are listed below

  1. I installed ElasticSearch and SearchGuard
  2. Next, I ran the install_demo_configuration.sh to configure the TLS
  3. Next, initialised SearchGuard using the sgadmin_demo.sh command
  4. The above command created all the certificates and made the entries into the elasticsearch.yml file
  5. Next, Siren was installed on the same system where Elasticsearch and SearchGuard were installed
  6. Self-signed certificates were generated. The certificate for the ES node was esnode.pem and esnode-key.pem
  7. I ran the above commands to create the gremlin.jks file
  8. Next, I configured the investigate.yml file including the gremlin server ones
  9. Started all the services - Elasticsearch runs normal however Siren starts up by prompting the credentials which are supplied however the gremlin server does not start and displays a timeout error while Siren status turns Red

My investigate.yml file listed below

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5606

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
#server.basePath: ""

# The maximum payload size in bytes for incoming server requests.
server.maxPayloadBytes: 30048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "https://ubuntu:9200"

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
kibana.defaultAppId: "dashboard"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "admin"
elasticsearch.password: "admin"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.

server.ssl.enabled: true
server.ssl.certificate: /opt/siren/config/certs/siren.crt
server.ssl.key: /opt/siren/config/certs/siren.key
elasticsearch.ssl.certificateAuthorities: [ "/opt/siren/config/certs/ca.crt" ]

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
# elasticsearch.ssl.verificationMode: full or certificate or none

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
elasticsearch.requestHeadersWhitelist: [ authorization, "sgtenant" ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
logging.dest: /opt/siren/logs/log.txt

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Kibi default configuration
investigate_core:
  load_jdbc: false
  datasource_encryption_algorithm: 'AES-GCM'
  datasource_encryption_key: 'iSxvZRYisyUW33FreTBSyJJ34KpEquWznUPDvn+ka14='
  datasource_cache_size: 501

  # Gremlin server configuration
  gremlin_server:
    # change the scheme to https after enabling SSL for Gremlin
    url: https://localhost:8061
    path: gremlin_server/gremlin-server.jar
    # log_conf_path: gremlin_server/gremlin-server-log.properties
    ssl:
	key_store: "/opt/siren/config/certs/gremlin.jks"
	key_store_password: "password"
	ca: "/opt/siren/config/certs/root-ca.pem"


# Sentinl configuration
sentinl:
  app_name: 'Siren Alert'


# Search Guard configurations
investigate_core:
   elasticsearch:
      auth_plugin: searchguard

investigate_access_control:
   enabled: true
   acl:
      enabled: true
   cookie:
      secure: false
      password: '12345678123456781234567812345678'
   sirenalert:
      elasticsearch:
        username: admin
        password: admin
   backends:
    searchguard:
      admin.ssl.cert: /opt/siren/config/certs/esnode.pem
      admin.ssl.key: /opt/siren/config/certs/esnode-key.pem

The Error message is listed below

Any suggestions would be helpful getting gremlin server working. thx