Do we need X-Pack to enable security in Elasticsearch and Kibana? - security

I made a cluster with 3 master and 5 data nodes. The cluster even has 25 working indices and 10 dashboards. Now I am trying to enable authentication on this cluster. I have seen some articles saying Elasticsearch has security services free from version 7.0
[link](https://www.elastic.co/blog/security-for-elasticsearch-is-now-free).
But when I go through the tutorial, it mentions that we need to enable X-Pack: `xpack.security.enable: true`. So is it the case that we need X-Pack to fulfill this use case?

X-Pack is the name of the module that contains the security code.
For Elasticsearch versions prior to 6.3, X-Pack had to be installed separately as a plugin. Some X-Pack features were free to use (Basic license), some required a commercial license (e.g. Security). Starting with 6.3, the default download already contains the X-Pack module. X-Pack as a product and plugin no longer exists.
Starting with Elasticsearch version 6.8/7.1, Elastic moved some basic security features from the commercial license into the free Basic tier, only requiring you to configure it.
The parameters for doing so are still prefixed with "xpack", as it is still a setting of an aspect within this module.
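
As an added example (not part of the original answer), a minimal `elasticsearch.yml` fragment for a multi-node 7.x cluster like the one in the question. The certificate file name `elastic-certificates.p12` is an assumed placeholder.

```yaml
# elasticsearch.yml -- apply to every node (all 3 masters and 5 data nodes),
# then restart the cluster. Available with the free Basic license on 6.8 / 7.1+.

# Turns on authentication and authorization. Note the trailing "d":
# Elasticsearch refuses to start on unknown keys such as xpack.security.enable.
xpack.security.enabled: true

# With security enabled, a multi-node cluster running in production mode fails
# its bootstrap checks unless node-to-node (transport) traffic is encrypted too.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
# Assumed file name: a PKCS#12 bundle generated with bin/elasticsearch-certutil
# and copied into each node's config directory.
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# Once all nodes are back up, set passwords for the built-in users with:
#   bin/elasticsearch-setup-passwords interactive
# Kibana then needs elasticsearch.username / elasticsearch.password in kibana.yml.
```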

Related

Available Node Package Module that supports amazon product api version 5.0

Amazon recently published its Amazon Product Advertising API v5.0 for Amazon Affiliate Program. From 31st October 2019, previous version 4.0 of API will be taken down and only v5.0 will be supported to access Amazon products programmatically.
With these changes, most available node modules and applications will no longer work with V5.0. For this Amazon PA-API 5.0, Amazon has released an SDK for PHP, NodeJs, Python, and Java. However, using the SDK for NodeJs may require time to configure.
That being said, is there an available Node Package module that we can use to easily start integrating our application?
There are a few NPM wrappers available today that help you use Paapi 5.0 for NodeJS. All of these modules use the Amazon SDK for their code.
amazon-paapi - By far my favorite as it uses simple to understand node syntax. Adding parameters is much like how you do it using amazon scratchpad. It also supports custom parameter options.
amazon-pa-api50 - Another great module. However, as of this writing, I found some limitations on optional parameters you can add to some operations.
apaw - alternative option.

User authentication in Elasticsearch without third party tools

Is there any way to do user authentication without any third-party tools; just need to prevent access with username and password.
Yes, it is possible, and you can use X-Pack, which is an Elastic Stack extension that provides security. By default, when you install Elasticsearch, X-Pack is installed with a 30-day trial.
Here are the docs: https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html
If you are looking for something open-source, opendistro for elasticsearch provides the same services for free and has support for Active Directory, LDAP, Kerberos, SAML, and OpenID Connect. Here are the docs: https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/
If you wish you can install the OSS version of elasticsearch, which includes only Apache 2.0 licensed code (here: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.6.1-linux-x86_64.tar.gz) and then install the standalone plugin for security with this command:
`sudo bin/elasticsearch-plugin install https://d3g5vo6xdbdb9a.cloudfront.net/downloads/elasticsearch-plugins/opendistro-security/opendistro_security-1.4.0.0.zip`
as described here:
https://opendistro.github.io/for-elasticsearch-docs/docs/install/plugins/#security
Let me know if you need help configuring authentication!
Good luck!
The basic auth part is free starting from Elasticsearch 6.8. However, you'll need to buy X-Pack for advanced stuff like LDAP Authn / Authz.
https://www.elastic.co/blog/security-for-elasticsearch-is-now-free

Free Way to do Expression Engine 2 Development?

I'm looking at doing some Expression Engine development, but it looks like with Expression Engine 2.x there is no longer the free Core version to download. This is for a single client as I don't normally do EE work.
Am I allowed to download their files/db to my local machine for development or will that be breaking any sort of license? Or am I expected to purchase a license even though I won't be running an EE site myself? The client has a full EE license, but I don't know that I want to drop $99 to build a basic module for a client.
An ExpressionEngine license purchase allows a single “live” installation in a production environment and ancillary “development use only” installations as needed to support the live installation (such as development and a staging servers).
ref: http://expressionengine.com/user_guide/license.html
So, yes, if you download the client's files/DB and install locally to continue the build or test with it, that's completely fine and within the license agreement.

Opensource IAM tool used in development

I am looking for an Opensource lightweight IAM to be used in development as a substitute for the real commercial IAM in production. Something with basic IAM functionalities, easy to install & easily configured to inject HTTP headers like user group.
Is OpenAM a good option? Any recommendations?
OpenAM comes from a very good pedigree...is forked from OpenSSO which is open-sourced code from the original SUN Access Manager product. OpenSSO was abandoned by Oracle after the Sun acquisition, so another company took it over and promoted a developer community around it.
Overall it's a good choice for your requirements; that is:
Production-ready - yes, this version and previous versions have been used in production implementations
basic IAM functionality - it contains basic web access management functions and more than a few advanced features.
Inject HTTP headers - Yes, this is a standard function among web access management products.
In the past, a limitation with OpenAM/OpenSSO is that it required Sun Directory as the configuration store; however, this has changed with recent releases allowing other directories to be used.
Expect installation and configuration of OpenAM to be rather command-line intensive; that is, with a minimal package installation and then options set in config files or through utilities.
Hope that helps...

Migrate Liferay 5 -> 5.2

We have a Liferay portal running on a hosting company, and we want to bring it to our own structure. So, I've downloaded the excellent bitnami stack and loaded it in our vmware server.
I've no experience with Liferay whatsoever; all I know is that it uses MySQL as its database. Are there any docs on how to do it?
Tks!
Use Liferay's wiki:
5.0 to 5.1: http://www.liferay.com/community/wiki/-/wiki/Main/Upgrade+Instructions+from+5.0+to+5.1
5.1 to 5.2: http://www.liferay.com/community/wiki/-/wiki/Main/Upgrade+Instructions+from+5.1+to+5.2
I recommend doing a 2-step upgrade since direct upgrade from 5.0 to 5.2 is more troublesome.
There have been reports that it's some work to upgrade older versions to the latest and greatest, so you should be prepared for some efforts.
That said, the way you should go is to back up the previous installation (e.g. all directories, database entries etc.) and deploy that on your own server. This installation then is updated to the latest version by installing the latest version and pointing it to the data from the previous installation. During the first startup, Liferay will (given sufficient privileges on MySQL) update the database structure and everything it needs. Keep your backup ready and test thoroughly if everything is upgraded the way you intended it to be.
Also you need to keep an eye on your customized stuff - if you have portlets or other components that use the Liferay API, you might need to upgrade those manually to take changed APIs into account.
Theoretically that should be it. I've heard of people having had some problems with this - but it all depends on your level of customization and utilization of features in Liferay.
The Liferay folks intend to circumvent this in future with their EE environment, where you get better defined upgrade paths and long term support with minor upgrades to your environment, keeping APIs and database requirements stable. I'd hope that even upgrades between major versions will benefit from this, but have not yet tried it.
