ELK之安装searchguard后默认管理员用户admin修改

　　安装完elasticsearch之后会有一个默认的用户admin密码也为admin，该用户无法删除无法编辑修改密码，用于生产时安全性较差，需要修改默认密码或者删除该admin用户

　　使用工具生产加密密码

/usr/share/elasticsearch/plugins/search-guard-6/tools
chmod +x hash.sh
./hash.sh -p qweasd123

$2y$12$y1ZrQrtL5fXbsNOfkLNpauQ/f82wiFgQmUk6fJBU7OazZlvt8Hs.6

　　明文密码为qweasd123生成加密密码

　　修改配置文件

/usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml 

 

　　设置生效

./sgadmin.sh -cacert root-ca.pem -cert CN=sgadmin.crtfull.pem -key CN=sgadmin.key.pem -keypass 3c67d14791c6ac933e9b -nhnv -icl -cd ../sgconfig/

　　改命令可以在证书路径下的README.txt找到

/etc/elasticsearch/key/README.txt

　　命令运行以下红色为本次生效部分

[root@dev-es-kinaba tools]# ./sgadmin.sh -cacert root-ca.pem -cert CN=sgadmin.crtfull.pem -key CN=sgadmin.key.pem -keypass 3c67d14791c6ac933e9b -nhnv -icl -cd ../sgconfig/
Search Guard Admin v6
Will connect to localhost:9300 ... done
Elasticsearch Version: 6.6.2
Search Guard Version: 6.6.2-24.2
Connected as CN=sgadmin
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: my-elk
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig
Will update 'sg/config' with ../sgconfig/sg_config.yml 
   SUCC: Configuration for 'config' created or updated
Will update 'sg/roles' with ../sgconfig/sg_roles.yml 
   SUCC: Configuration for 'roles' created or updated
Will update 'sg/rolesmapping' with ../sgconfig/sg_roles_mapping.yml 
   SUCC: Configuration for 'rolesmapping' created or updated
Will update 'sg/internalusers' with ../sgconfig/sg_internal_users.yml 
   SUCC: Configuration for 'internalusers' created or updated
Will update 'sg/actiongroups' with ../sgconfig/sg_action_groups.yml 
   SUCC: Configuration for 'actiongroups' created or updated
Done with success

　　PS：执行该操作会导致之前在kiban里面创建的用户删除掉

　　重启elasticsearch即可使用新密码登录kibana