[DOCS] Creates separate doc for security in production #103973
gchaps merged 11 commits into elastic:master from gchaps:docs/production-considerations-security on Jul 7, 2021
Changes from 2 commits
Commits
b4da903 [DOCS] Creates separate doc for security in production (gchaps)
a33ba82 Merge branch 'master' into docs/production-considerations-security (kibanamachine)
8fbe2ec Use Kibana attribute (jportner)
16149ad Update CSP section (jportner)
9aa3ef0 Move SSL section to the top (jportner)
3720c1f Add section on using secure HTTP headers (jportner)
7676c4c Write intro (jportner)
fecf25b Merge branch 'master' into docs/production-considerations-security (kibanamachine)
963275a Merge branch 'master' into docs/production-considerations-security (gchaps)
e6a3470 [DOCS] Fixes broken link and other minor edits (gchaps)
2ba02f4 [DOCS] Changes man to manipulator (gchaps)
52 changes: 52 additions & 0 deletions
docs/user/production-considerations/security-production-considerations.asciidoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
[role="xpack"] | ||
[[Security-production-considerations]] | ||
== Security production considerations | ||
|
||
++++ | ||
<titleabbrev>Security</titleabbrev> | ||
++++ | ||
:keywords: administrator, analyst, concept, setup, security | ||
:description: Consider the production components for Kibana security. | ||
|
||
[float] | ||
[[configuring-kibana-shield]] | ||
=== Use {stack} {security-features} | ||
|
||
You can use {stack} {security-features} to control what {es} data users can | ||
access through Kibana. | ||
|
||
When {security-features} are enabled, Kibana users have to log in. They need to | ||
have a role granting <<kibana-privileges, Kibana privileges>> as well as access | ||
to the indices they will be working with in Kibana. | ||
|
||
If a user loads a Kibana dashboard that accesses data in an index that they | ||
are not authorized to view, they get an error that indicates the index does | ||
not exist. | ||
|
||
For more information on granting access to Kibana, see <<xpack-security-authorization>>. | ||
|
||
[float] | ||
[[csp-strict-mode]] | ||
=== Require Content Security Policy | ||
|
||
Kibana uses a Content Security Policy to help prevent the browser from allowing | ||
unsafe scripting, but older browsers will silently ignore this policy. If your | ||
organization does not need to support Internet Explorer 11 or much older | ||
versions of our other supported browsers, we recommend that you enable Kibana's | ||
`strict` mode for content security policy, which will block access to Kibana | ||
for any browser that does not enforce even a rudimentary set of CSP | ||
protections. | ||
|
||
To do this, set `csp.strict` to `true` in your `kibana.yml`: | ||
|
||
[source,js] | ||
-------- | ||
csp.strict: true | ||
-------- | ||
|
||
|
||
[float] | ||
[[enabling-ssl]] | ||
=== Enable SSL | ||
|
||
See <<configuring-tls>>. |
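Review bot: The listing under "Require Content Security Policy" is tagged `[source,js]`, but `csp.strict: true` is a `kibana.yml` setting, so `[source,yaml]` would label and highlight it correctly. Two smaller consistency points in the same file: the page anchor `[[Security-production-considerations]]` starts with a capital letter while `configuring-kibana-shield`, `csp-strict-mode` and `enabling-ssl` are all lowercase, and the section is headed "Enable SSL" while its only content links to `<<configuring-tls>>`, so the heading and the link target use different terms for the same thing. The prose also writes "Kibana" literally next to `{es}` and `{stack}`; if a product attribute is available, use it throughout.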
We stopped supporting IE in Kibana 7.9, so this is stale info.
I did check our other supported browsers (Chrome, Firefox, Safari) -- each of them first started supporting Content Security Policy around 2012-2013. So I suppose we should leave this section in here and just remove the bit about IE, yeah?