Siren Platform User Guide

Migrating the security settings from version 10.0.x to version 10.1.x

Before you begin, complete the steps in Upgrading to Elasticsearch version 6.3.2 via 5.6.10.

To upgrade the security settings from Siren Platform version 10.0.x with Elasticsearch 5.6.10 to Siren Platform version 10.2.x with Elasticsearch 6.3.2, complete the following steps:

  1. Back up the Search Guard configuration from Elasticsearch 5.6.10 by running the following command from the Elasticsearch 5.6.10 home directory:

    ./plugins/search-guard-5/tools/sgadmin.sh \
      --retrieve \
      -cn siren-distribution \
      -ts config/truststore.jks \
      -tspass password \
      -ks ../siren-investigate/pki/searchguard/CN\=sgadmin-keystore.jks \
      -kspass password \
      -h localhost \
      -p 9330 \
      -nhnv

  2. Modify the sg_action_groups.yml file so that the following actions are present in the existing action groups. Existing action groups and actions can be kept; add only the actions that are missing.

    SIREN_COMPOSITE:
      - "indices:admin/mappings/get*"
      - "indices:admin/aliases/get*"

    SIREN_CLUSTER:
      - "indices:data/read/scroll*"
      - "cluster:monitor/state"

  3. Modify the sg_roles.yml file to add the following actions to the existing roles. Existing actions can be kept:

    # Permissions for a Siren Alert user.
    sirenalert:
      cluster:
        - 'indices:monitor/stats'
        - 'cluster:monitor/main'
        - 'cluster:monitor/health'
        - 'cluster:monitor/stats'
      indices:
        '*':
          '*':
            - SEARCH
            - 'indices:monitor/stats'

    sirenserver:
      indices:
        '*':
          '*':
            - CLUSTER_COMPOSITE_OPS_RO
            - 'indices:monitor/stats'

    sirenadmin:
      indices:
        '*':
          '*':
            - SIREN_READONLY

  4. Rename the retrieved files to sg_internal_users.yml, sg_config.yml, sg_action_groups.yml, sg_roles.yml, and sg_roles_mapping.yml, and copy them into the ES6.3.2/config/sgconfig folder.

  5. Restore the Search Guard configuration on Elasticsearch version 6.3.2 by running the sgadmin command from the Elasticsearch 6.3.2 home directory:

    bash plugins/search-guard-6/tools/sgadmin.sh \
      -cd config/sgconfig \
      -cn siren-distribution \
      -ts config/truststore.jks \
      -tspass password \
      -ks ../siren-investigate/pki/searchguard/CN\=sgadmin-keystore.jks \
      -kspass password \
      -h localhost \
      -p 9330 \
      -nhnv
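Before running sgadmin in step 5, it is worth checking that the edited files actually contain every action the steps above require, since a missing entry only shows up later as a failed Siren request. The following Python script is an added example, not part of the Siren documentation or of Search Guard: it parses the restricted YAML subset these files use (no PyYAML needed) and lists the step 2 actions still missing from a constructed sample sg_action_groups.yml. The sample content and the REQUIRED_ACTION_GROUPS mapping are constructed here; the same missing_permissions call works for sg_roles.yml with a nested mapping that mirrors step 3.

```python
# Constructed sample of an existing 10.0.x sg_action_groups.yml (not a real file)
SAMPLE_ACTION_GROUPS = """\
SIREN_COMPOSITE:
  - "indices:admin/mappings/get*"
SIREN_CLUSTER:
  - "indices:data/read/scroll*"
"""
REQUIRED_ACTION_GROUPS = {  # actions that step 2 requires in each group
    "SIREN_COMPOSITE": ["indices:admin/mappings/get*", "indices:admin/aliases/get*"],
    "SIREN_CLUSTER": ["indices:data/read/scroll*", "cluster:monitor/state"],
}

def parse_sg_yaml(text):
    # Parses the restricted YAML subset these files use (nested mappings whose
    # leaves are lists of strings); assumes no flow syntax, anchors or multi-line scalars.
    root = {"_": None}
    stack = [(-1, root, "_")]  # (indent, parent mapping, key being filled)
    for raw in text.splitlines():
        content = raw.strip()
        if not content or content.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        while stack[-1][0] >= indent:  # leave deeper or sibling scopes
            stack.pop()
        _, parent, pkey = stack[-1]
        if content.startswith("- "):  # list item under the current key
            parent[pkey] = parent[pkey] or []
            parent[pkey].append(content[2:].strip().strip("'\""))
        else:  # "key:" or "key: value" adds an entry to a nested mapping
            key, _, value = content.partition(":")
            key = key.strip().strip("'\"")
            parent[pkey] = parent[pkey] or {}
            parent[pkey][key] = value.strip().strip("'\"") or None
            stack.append((indent, parent[pkey], key))
    return root["_"]

def missing_permissions(existing, required, path=()):
    # Returns (path, action) pairs required but absent; empty means ready for sgadmin.
    existing = existing if isinstance(existing, dict) else {}
    gaps = []
    for key, want in required.items():
        have = existing.get(key)
        if isinstance(want, dict):
            gaps += missing_permissions(have, want, path + (key,))
        else:
            present = set(have) if isinstance(have, list) else set()
            gaps += [(path + (key,), a) for a in want if a not in present]
    return gaps
```

Run it against the real files from step 1 by reading them with open() in place of SAMPLE_ACTION_GROUPS; an empty result for both files means step 5 can proceed.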