elasticsearch运维系列_用户及角色权限相关SQL及脚本整理

这篇文章介绍ES运维过程中一些常用查询权限和角色的命令和脚本,以及如何查询某个索引可被系统中哪些用户访问。

Part1 查询用户及权限

1 查询所有用户

首先,获取所有用户的列表:

-- 命令如下
curl -u elastic:esuser -X GET "http://192.168.1.19:9200/_security/user?pretty"
-- 执行结果如下
{
  "flogsuperuser" : {
    "username" : "xxxsuperuser",
    "roles" : [
      "superuser"
    ],
    "full_name" : "",
    "email" : "",
    "metadata" : { },
    "enabled" : true
  },
  "limited_user" : {
    "username" : "limited_user",
    "roles" : [
      "limited_logs_reader"
    ],
    "full_name" : "Limited User",
    "email" : "limited.user@example.com",
    "metadata" : { },
    "enabled" : true
  },
  "elastic" : {
    "username" : "elastic",
    "roles" : [
      "superuser"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "kibana" : {
    "username" : "kibana",
    "roles" : [
      "kibana_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_deprecated" : true,
      "_deprecated_reason" : "Please use the [kibana_system] user instead.",
      "_reserved" : true
    },
    "enabled" : true
  },
  "kibana_system" : {
    "username" : "kibana_system",
    "roles" : [
      "kibana_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "logstash_system" : {
    "username" : "logstash_system",
    "roles" : [
      "logstash_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "beats_system" : {
    "username" : "beats_system",
    "roles" : [
      "beats_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "apm_system" : {
    "username" : "apm_system",
    "roles" : [
      "apm_system"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  },
  "remote_monitoring_user" : {
    "username" : "remote_monitoring_user",
    "roles" : [
      "remote_monitoring_collector",
      "remote_monitoring_agent"
    ],
    "full_name" : null,
    "email" : null,
    "metadata" : {
      "_reserved" : true
    },
    "enabled" : true
  }
}

2 查询特定用户的角色和权限

获取特定用户的角色和权限。例如,查询用户 limited_user

-- 执行命令
curl -u elastic:esuser -X GET "http://192.168.1.19:9200/_security/user/limited_user?pretty"
-- 执行结果如下
{
  "limited_user" : {
    "username" : "limited_user",
    "roles" : [
      "limited_logs_reader"
    ],
    "full_name" : "Limited User",
    "email" : "limited.user@example.com",
    "metadata" : { },
    "enabled" : true
  }
}

3 查询所有角色

获取所有角色的列表及其权限配置:

-- 命令如下
curl -u elastic:esuser -X GET "http://192.168.1.19:9200/_security/role?pretty"

-- 执行结果如下
{
  "kibana_dashboard_only_user" : {
    "cluster" : [ ],
    "indices" : [ ],
    "applications" : [
      {
        "application" : "kibana-.kibana",
        "privileges" : [
          "read"
        ],
        "resources" : [
          "*"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : {
      "_deprecated" : true,
      "_deprecated_reason" : "Please use Kibana feature privileges instead",
      "_reserved" : true
    },
    "transient_metadata" : {
      "enabled" : true
    }
  },
  "apm_system" : {
    "cluster" : [
      "monitor",
      "cluster:admin/xpack/monitoring/bulk"
    ],
    "indices" : [
      {
        "names" : [
          ".monitoring-beats-*"
        ],
        "privileges" : [
          "create_index",
          "create_doc"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : {
      "_reserved" : true
    },
    "transient_metadata" : {
      "enabled" : true
    }
  },
  "watcher_admin" : {
    "cluster" : [
      "manage_watcher"
    ],
    "indices" : [
      {
        "names" : [
          ".watches",
          ".triggered_watches",
          ".watcher-history-*"
        ],
        "privileges" : [
          "read"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : {
      "_reserved" : true
    },
    "transient_metadata" : {
      "enabled" : true
    }
  },
  "logstash_system" : {
    "cluster" : [
      "monitor",
      "cluster:admin/xpack/monitoring/bulk"
    ],
    "indices" : [ ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : {
      "_reserved" : true
    },
    "transient_metadata" : {
      "enabled" : true
    }
  },
  "rollup_user" : {
    "cluster" : [
      "monitor_rollup"
    ],
    "indices" : [ ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : {
      "_reserved" : true
    },
    "transient_metadata" : {
      "enabled" : true
    }
  }

4 查询特定角色的权限

获取特定角色的权限配置。例如,查询角色 limited_logs_reader

-- 命令如下
curl -u elastic:esuser -X GET "http://192.168.1.19:9200/_security/role/limited_logs_reader?pretty"
-- 执行结果如下
{
  "limited_logs_reader" : {
    "cluster" : [ ],
    "indices" : [
      {
        "names" : [
          "xxxxxx_2024-06-14",
          "xxxxxx_2024-06-15",
          "xxxxxx_2024-06-16",
          "xxxxxx_2024-06-17"
        ],
        "privileges" : [
          "read"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [
      {
        "application" : "kibana-.kibana",
        "privileges" : [
          "read"
        ],
        "resources" : [
          "*"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}

5 汇总(查询用户及角色)命令脚本

以下是一个简单的脚本,汇总查询所有用户及其角色和权限的命令:

#!/bin/bash

# Elasticsearch URL
ES_URL="http://192.168.1.19:9200"

# Admin credentials
ADMIN_USER="elastic"
ADMIN_PASS="esuser"

# Query all users
echo "Querying all users..."
curl -u $ADMIN_USER:$ADMIN_PASS -X GET "$ES_URL/_security/user?pretty"

# Query all roles
echo "Querying all roles..."
curl -u $ADMIN_USER:$ADMIN_PASS -X GET "$ES_URL/_security/role?pretty"

将上述脚本保存为 query_users_and_roles.sh,添加执行权限并运行:

chmod +x query_users_and_roles.sh
./query_users_and_roles.sh

解释
  1) 查询所有用户:通过 GET /_security/user API 获取所有用户信息,包括用户名、角色等。
  2) 查询所有角色:通过 GET /_security/role API 获取所有角色信息,包括角色名、权限配置等。
上一篇:国产强大免费WAF, 社区版雷池动态防护介绍


下一篇:python常用的内置函数