How to generate the Gremlin Server security. I have checked the Siren documentation but could not find any. Any suggestions? Thanks
Hi,
The gremlin server certificate is a node certificate in jks format.
If you’re running elasticsearch+security (SSL) on the same server where you have Siren Investigate, you can check your elasticsearch.yml and see which parameter you have:
- searchguard.ssl.http.keystore_filepath
- searchguard.ssl.http.pemcert_filepath
If you have the first one (searchguard.ssl.http.keystore_filepath), you can use the same jks as certificate for gremlin.
If you have the second one (searchguard.ssl.http.pemcert_filepath), you can generate your jks using the two steps below:
- openssl pkcs12 -export -inkey YOUR_KEY.key -in YOUR_PEM.pem -name gremlin -out gremlin.p12
- keytool -importkeystore -srckeystore gremlin.p12 -srcstoretype pkcs12 -destkeystore gremlin.jks
In both cases, you have to change the gremlin_server.url parameter (in investigate.yml), matching the right IP/Name used in the certificate.
Let us know if you have any questions.
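The two commands in the reply above, wrapped in shell functions, as an added example that is not part of the thread and not Siren's own code. It also adds a check for the last point in the reply: the host in gremlin_server.url must be one of the names in the certificate, otherwise the TLS handshake to the Gremlin server fails on hostname verification. The function names (gen_self_signed, make_gremlin_keystore, cert_names, url_host, check_url_matches_cert), the demo hostnames and the keystore password "changeit" are assumptions made for this example; gremlin.p12 and gremlin.jks are the file names from the reply. It assumes openssl 1.1.1 or newer on PATH; keytool (from a JDK) is only needed for the final JKS step and is skipped when absent.

```shell
#!/bin/sh
# Added example (not Siren's code and not from the thread): wrap the two
# commands from the reply in functions, add a self-signed key/cert generator
# for demo material only, and check that the host in gremlin_server.url is
# actually named in the certificate, which is the mismatch the reply warns about.
# Assumes: openssl 1.1.1+ on PATH; keytool (JDK) is needed only for the JKS step.
set -eu

# gen_self_signed DIR HOST: constructed demo material only. Writes DIR/esnode-key.pem
# and DIR/esnode.pem with CN=HOST and a SAN of DNS:HOST, IP:127.0.0.1.
gen_self_signed() {
    dir=$1; host=$2
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/esnode-key.pem" -out "$dir/esnode.pem" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host,IP:127.0.0.1" \
        >/dev/null 2>&1
}

# make_gremlin_keystore KEY PEM OUTDIR PASSWORD: the two steps from the reply.
# Step 1 always produces OUTDIR/gremlin.p12; step 2 produces OUTDIR/gremlin.jks
# when keytool is available. PASSWORD is what goes into
# gremlin_server.ssl.key_store_password in investigate.yml.
make_gremlin_keystore() {
    key=$1; pem=$2; outdir=$3; pass=$4
    mkdir -p "$outdir"
    openssl pkcs12 -export -inkey "$key" -in "$pem" -name gremlin \
        -out "$outdir/gremlin.p12" -passout "pass:$pass"
    if command -v keytool >/dev/null 2>&1; then
        keytool -importkeystore -noprompt \
            -srckeystore "$outdir/gremlin.p12" -srcstoretype pkcs12 -srcstorepass "$pass" \
            -destkeystore "$outdir/gremlin.jks" -deststoretype jks -deststorepass "$pass" \
            >/dev/null 2>&1
    fi
}

# cert_names PEM: print the subjectAltName DNS/IP entries and the subject CN, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -text \
        | sed -n '/Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' | sed 's/^ *//; s/^DNS://; s/^IP Address://'
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# url_host URL: the host part of scheme://host[:port][/path]
url_host() {
    printf '%s\n' "$1" | sed 's#^[a-zA-Z][a-zA-Z0-9+.-]*://##; s#[:/].*$##'
}

# check_url_matches_cert URL PEM: exit 0 when the URL's host is one of the names in
# the certificate (exact match; wildcard names are not expanded), 1 otherwise.
check_url_matches_cert() {
    host=$(url_host "$1")
    cert_names "$2" | grep -qxF -- "$host"
}

# Demo run on constructed material in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    gen_self_signed "$tmp" localhost
    make_gremlin_keystore "$tmp/esnode-key.pem" "$tmp/esnode.pem" "$tmp/out" changeit
    ls "$tmp/out"
    for url in https://localhost:8061 https://ubuntu:8061; do
        if check_url_matches_cert "$url" "$tmp/esnode.pem"; then
            echo "$url: host is named in the certificate"
        else
            echo "$url: host is NOT in the certificate; fix gremlin_server.url or reissue the cert"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Run it against real material with `make_gremlin_keystore esnode-key.pem esnode.pem /opt/siren/config/certs <password>` and then `check_url_matches_cert "$(grep -o 'https://[^ ]*' investigate.yml | head -1)" esnode.pem`; a non-zero exit means the URL and the certificate disagree before Siren ever tries to connect.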
Thx. I will try this…
I ran into an issue. The steps are listed below:
- I installed ElasticSearch and SearchGuard
- Next, I ran the install_demo_configuration.sh to configure the TLS
- Next, initialised SearchGuard using the sgadmin_demo.sh command
- The above command created all the certificates and made the entries into the elasticsearch.yml file
- Next, Siren was installed on the same system where Elasticsearch and SearchGuard were installed
- Self-signed certificates were generated. The certificate for the ES node was esnode.pem and esnode-key.pem
- I ran the above commands to create the gremlin.jks file
- Next, I configured the investigate.yml file including the gremlin server ones
- Started all the services. Elasticsearch runs normally; however, Siren starts up by prompting for credentials, which are supplied, but the gremlin server does not start and displays a timeout error while the Siren status turns red
My investigate.yml file is listed below:
```yaml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5606

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
#server.basePath: ""

# The maximum payload size in bytes for incoming server requests.
server.maxPayloadBytes: 30048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "https://ubuntu:9200"

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
kibana.defaultAppId: "dashboard"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "admin"
elasticsearch.password: "admin"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: true
server.ssl.certificate: /opt/siren/config/certs/siren.crt
server.ssl.key: /opt/siren/config/certs/siren.key
elasticsearch.ssl.certificateAuthorities: [ "/opt/siren/config/certs/ca.crt" ]

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
elasticsearch.ssl.verificationMode: none
# elasticsearch.ssl.verificationMode: full or certificate or none

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
elasticsearch.requestHeadersWhitelist: [ authorization, "sgtenant" ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
logging.dest: /opt/siren/logs/log.txt

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
logging.verbose: true

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Kibi default configuration
investigate_core:
  load_jdbc: false
  datasource_encryption_algorithm: 'AES-GCM'
  datasource_encryption_key: 'iSxvZRYisyUW33FreTBSyJJ34KpEquWznUPDvn+ka14='
  datasource_cache_size: 501

  # Gremlin server configuration
  gremlin_server:
    # change the scheme to https after enabling SSL for Gremlin
    url: https://localhost:8061
    path: gremlin_server/gremlin-server.jar
    # log_conf_path: gremlin_server/gremlin-server-log.properties
    ssl:
      key_store: "/opt/siren/config/certs/gremlin.jks"
      key_store_password: "password"
      ca: "/opt/siren/config/certs/root-ca.pem"

# Sentinl configuration
sentinl:
  app_name: 'Siren Alert'

# Search Guard configurations
investigate_core:
  elasticsearch:
    auth_plugin: searchguard

investigate_access_control:
  enabled: true
  acl:
    enabled: true
  cookie:
    secure: false
    password: '12345678123456781234567812345678'
  sirenalert:
    elasticsearch:
      username: admin
      password: admin
  backends:
    searchguard:
      admin.ssl.cert: /opt/siren/config/certs/esnode.pem
      admin.ssl.key: /opt/siren/config/certs/esnode-key.pem
```
The error message is listed below:
Any suggestions would be helpful in getting the gremlin server working. Thx