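# Download the Maven 3.3.3 binary distribution (10 parallel connections),
# check its integrity, unpack it and enter the unpacked directory.
#
# The mirror is plain HTTP, so the archive can be altered in transit or on the
# mirror. Compare it with the digest (or, better, the PGP signature) published
# on the official Apache download page, fetched over HTTPS, before unpacking.
# The value below is a placeholder, not a real digest: the check fails closed
# until it is filled in.
maven_tgz='apache-maven-3.3.3-bin.tar.gz'
maven_sha1='<SHA1_FROM_OFFICIAL_APACHE_DOWNLOAD_PAGE>'
# Steps are chained with && so a failed download or digest mismatch stops the
# sequence instead of unpacking an unverified file.
axel -n 10 "http://mirror.bit.edu.cn/apache/maven/maven-3/3.3.3/binaries/${maven_tgz}" \
  && printf '%s  %s\n' "$maven_sha1" "$maven_tgz" | sha1sum -c - \
  && tar zxvf "$maven_tgz" \
  && cd apache-maven-3.3.3/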
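# Fetch the search-guard sources (es1.6 branch) and build the plugin zip.
#
# NOTE(review): the clone tracks the moving head of a branch. For a security
# plugin, record the commit that was actually built (git rev-parse HEAD) so
# the artifact can be traced back to reviewed source.
# NOTE(review): -DskipTests means the project's test suite does not run for
# this build, so the artifact is not checked by it.
# NOTE(review): mvn is invoked from /home/work/app/maven, not from the
# apache-maven-3.3.3 directory unpacked earlier; presumably Maven was moved
# there. Confirm.
#
# Chained with && so that mvn never runs in the wrong directory when the clone
# or the cd fails (the original used ';', which ran mvn regardless).
git clone -b es1.6 https://github.com/floragunncom/search-guard.git \
  && cd search-guard \
  && /home/work/app/maven/bin/mvn package -DskipTests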
# 把编译好的包放到一个下载地址(便于 es 集群各节点使用;单台测试可不使用这种方案):
#   http://www.elain.org/dl/search-guard-16-0.6-SNAPSHOT.zip
# 注意:该地址为明文 HTTP,建议同时发布安装包的校验和,各节点安装前先校验。
# 在 es 上以插件方式安装编译好的包:
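# Install the built search-guard plugin into Elasticsearch from the download URL.
#
# ./bin/plugin is resolved relative to the current directory, and the plugin
# tool ships in the Elasticsearch home's bin/ directory, not under plugins/.
# The original cd into plugins/ therefore left ./bin/plugin unresolvable; run
# it from the Elasticsearch home instead.
#
# NOTE(review): the zip is fetched over plain HTTP and installed without any
# integrity check, and it is a security plugin loaded into every node. Prefer
# downloading it first, comparing it with a checksum recorded at build time,
# and installing from the verified local file.
cd /home/work/app/elasticsearch/ \
  && ./bin/plugin -u http://www.elain.org/dl/search-guard-16-0.6-SNAPSHOT.zip -i search-guard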
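# Load the search-guard ACL document into the searchguard index.
#
# Rules, in order:
#   1. Default: actionrequestfilter.deny is executed, so access is denied
#      unless a later rule bypasses it.
#   2. Role "root": bypasses every filter (full access). Keep membership of
#      this role as small as possible.
#   3. user1: read-only access to index1-*, index2-* and .kibana.
#   4. user2: read-only access to index3-* and .kibana.
#
# The original body carried "//" comments after each rule and a surplus
# closing brace. Neither is valid JSON, so both are removed and the notes are
# kept here instead. The __Comment__ text of rules 3 and 4 was copied from an
# example about user "spock" on index "popstuff"; it now names the users and
# indices the rule actually covers.
#
# NOTE(review): this request goes to localhost:9200 over plain HTTP without
# credentials. Presumably it is run on the node itself before the cluster is
# reachable by other clients. Confirm, and restrict who can write to the
# searchguard index afterwards.
curl -XPUT 'http://localhost:9200/searchguard/ac/ac?pretty' -d '
{"acl": [
  {
    "__Comment__": "Default is to execute all filters",
    "filters_bypass": [],
    "filters_execute": ["actionrequestfilter.deny"]
  },
  {
    "__Comment__": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything",
    "roles": [
      "root"
    ],
    "filters_bypass": ["*"],
    "filters_execute": []
  },
  {
    "__Comment__": "This means that for the user user1 on indices index1-*, index2-* and .kibana only the actionrequestfilter.readonly will be executed, no other",
    "users": ["user1"],
    "indices": ["index1-*","index2-*",".kibana"],
    "filters_bypass": ["actionrequestfilter.deny"],
    "filters_execute": ["actionrequestfilter.readonly"]
  },
  {
    "__Comment__": "This means that for the user user2 on indices index3-* and .kibana only the actionrequestfilter.readonly will be executed, no other",
    "users": ["user2"],
    "indices": ["index3-*",".kibana"],
    "filters_bypass": ["actionrequestfilter.deny"],
    "filters_execute": ["actionrequestfilter.readonly"]
  }
]}'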