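When configuring and running Filebeat on a CentOS system, securing it is very important. Below are some key security configuration steps and recommendations: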
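
Dedicated user: elkuser. Add the new user to the /etc/passwd file and set a password. Create the user with the useradd command:

```sh
# Create the account
sudo useradd elkuser
# Set its password (--stdin reads the new password from standard input)
sudo passwd --stdin elkuser
# Start Filebeat as that user instead of root
sudo -u elkuser /usr/bin/filebeat
```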
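
Edit the filebeat.yml configuration file and add the SSL settings:

```yaml
output.elasticsearch:
  # 5044 is the port Logstash conventionally uses for its Beats input; if this
  # endpoint is Logstash, the section key is output.logstash.
  hosts: ["logstash:5044"]
  ssl.certificate: "/etc/certs/filebeat.crt"          # client certificate presented by Filebeat
  ssl.key: "/etc/certs/filebeat.key"                  # private key for that certificate
  ssl.certificate_authorities: ["/etc/certs/ca.crt"]  # CA used to verify the server
```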
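
The private key and CA file named in this configuration are only as safe as their file permissions. The script below is an added example, not part of the original page: it checks those files against an assumed policy (key owned by the Filebeat user with no group/other access, certificate and CA not writable by group or other), and its function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): audit the TLS files that
# filebeat.yml references. Paths and the elkuser account come from the page;
# the permission policy below is an assumption, adjust it to local standards.

# check_key FILE USER: the private key must be a regular file owned by USER
# (login name or numeric uid) with no group/other permission bits at all.
check_key() {
  key_file=$1; want=$2
  [ -f "$key_file" ] || { echo "MISSING $key_file"; return 1; }
  name=$(stat -c '%U' "$key_file"); uid=$(stat -c '%u' "$key_file")
  mode=$(stat -c '%a' "$key_file")
  if [ "$name" != "$want" ] && [ "$uid" != "$want" ]; then
    echo "OWNER   $key_file belongs to $name ($uid), expected $want"; return 1
  fi
  # stat prints the mode in octal; a leading 0 makes the shell read it as octal.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "MODE    $key_file is $mode, expected 600 or 400"; return 1
  fi
  echo "OK      $key_file ($name, $mode)"
}

# check_trust FILE: certificate and CA bundle may be world-readable, but must
# not be writable by group/other, or a local user could swap the trust anchor.
check_trust() {
  [ -f "$1" ] || { echo "MISSING $1"; return 1; }
  mode=$(stat -c '%a' "$1")
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "MODE    $1 is $mode, group/other must not have write access"; return 1
  fi
  echo "OK      $1 ($mode)"
}

# audit_filebeat_tls DIR USER: run all checks, return non-zero if any failed.
audit_filebeat_tls() {
  rc=0
  check_key   "$1/filebeat.key" "$2" || rc=1
  check_trust "$1/filebeat.crt"      || rc=1
  check_trust "$1/ca.crt"            || rc=1
  return $rc
}

# Usage on the host described above: audit_filebeat_tls /etc/certs elkuser
```
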
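
Role definition granting read-only access to the app-logs-* indices, limited to documents whose team field is devops:

```json
{
  "cluster": ["monitor"],
  "indices": [
    {
      "names": ["app-logs-*"],
      "privileges": ["read"],
      "query": {
        "term": {
          "team": "devops"
        }
      }
    }
  ]
}
```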
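
Use firewalld to restrict Filebeat's network access so that only specific IP addresses or network segments can reach the Filebeat service:

```sh
# --add-service requires a firewalld service definition named "filebeat" to exist
sudo firewall-cmd --permanent --add-service=filebeat
# Load the permanent rules into the running firewall
sudo firewall-cmd --reload
```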
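
Logstash filter that masks an 18-digit number in the message field, keeping the first six and the last four digits:

```
filter {
  mutate {
    # Replace the middle eight digits with asterisks
    gsub => ["message", "(\d{6})\d{8}(\d{4})", "\1********\2"]
  }
}
```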
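
Commands for turning off SELinux and firewalld:

```sh
# Put SELinux into permissive mode for the current boot (violations are logged, not blocked)
sudo setenforce 0
# Disable SELinux persistently in its configuration file
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Stop firewalld and keep it from starting at boot; the firewall-cmd rule above no longer applies
sudo systemctl stop firewalld
sudo systemctl disable firewalld
```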
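
By following the steps above, you can effectively strengthen the security of Filebeat on a CentOS system and guard against potential security threats and attacks.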