We are dealing with security events, which are sensitive in nature, so we don't want anyone getting access to the server without logging in first.
Here we will configure the ELK password page.
With SSH access to the ELK server, add the following values to /etc/elasticsearch/elasticsearch.yml, each on its own line:
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
$- sudo vim /etc/elasticsearch/elasticsearch.yml
Restart Elasticsearch using the commands below:
$- sudo systemctl restart elasticsearch
$- sudo systemctl status elasticsearch
Run the command below to generate the various ELK Stack passwords.
$- sudo su
$- /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
Next, update /etc/kibana/kibana.yml with the kibana_system credentials, using the command below.
$- sudo vim /etc/kibana/kibana.yml
elasticsearch.username: "kibana_system"
elasticsearch.password: "04vIEhf73xVL8TOFEvkz"
Restart Kibana using the commands below:
$- sudo systemctl restart kibana
$- sudo systemctl status kibana
Now, a password configuration page has been set for ELK.
You have to log in with the username: elastic and the password: KvbllJs4wGahJEcplJEL
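To confirm the edits above took effect as intended, the following added example (not part of the original page) audits the two files: both xpack settings must read exactly `true`, Kibana must use `kibana_system`, and a kibana.yml holding a plaintext password must not be world-readable. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two files edited above.
# Function names are hypothetical; the sample files below are constructed.

# yaml_value FILE KEY: print the value of the last uncommented "KEY: value"
# line, with trailing comments, whitespace and surrounding quotes removed.
yaml_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n -E "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed -E 's/[[:space:]]+#.*$//; s/[[:space:]]+$//; s/^"(.*)"$/\1/' | tail -n 1
}

# audit_elk ES_YML KIBANA_YML: print findings; exit status = number of failures.
audit_elk() {
    es=$1; kb=$2; fails=0
    for key in xpack.security.enabled xpack.security.authc.api_key.enabled; do
        if [ "$(yaml_value "$es" "$key")" = "true" ]; then
            echo "OK   $key: true"
        else
            # Also catches both settings pasted onto a single line.
            echo "FAIL $key is not 'true' in $es"; fails=$((fails + 1))
        fi
    done
    if [ "$(yaml_value "$kb" elasticsearch.username)" != "kibana_system" ]; then
        echo "FAIL elasticsearch.username is not kibana_system in $kb"; fails=$((fails + 1))
    fi
    # A plaintext elasticsearch.password means the file must not be world-readable.
    if [ -n "$(yaml_value "$kb" elasticsearch.password)" ] &&
       [ -n "$(find "$kb" -perm -004)" ]; then
        echo "FAIL $kb stores a password and is readable by all users"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed demo input; on a real host pass the paths from this page instead:
#   audit_elk /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml
demo=$(mktemp -d)
printf '%s\n' 'xpack.security.enabled: true xpack.security.authc.api_key.enabled: true' > "$demo/es_bad.yml"
printf '%s\n' 'xpack.security.enabled: true' 'xpack.security.authc.api_key.enabled: true' > "$demo/es_ok.yml"
printf '%s\n' 'elasticsearch.username: "kibana_system"' 'elasticsearch.password: "EXAMPLE-PLACEHOLDER"' > "$demo/kibana.yml"
chmod 644 "$demo/kibana.yml"
audit_elk "$demo/es_bad.yml" "$demo/kibana.yml" || echo "=> $? finding(s)"
chmod 640 "$demo/kibana.yml"
audit_elk "$demo/es_ok.yml" "$demo/kibana.yml" && echo "=> clean"
```

Kibana also ships a `kibana-keystore` tool that can hold `elasticsearch.password` in place of the plaintext line in kibana.yml.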