Loading the security configuration
Prerequisites
To apply the minimal security configuration required to run Siren Investigate, you need:

- The password of the `elastic` administrative user.
- The `bash` and `curl` commands.
ECK generates a random password for the `elastic` user during setup and stores it in a secret named `<cluster name>-es-elastic-user`.

To get the password, fetch the secret and decode it with kubectl, for example:

kubectl -n siren get secret/siren-es-elastic-user -o go-template='{{.data.elastic | base64decode}}'

The command prints the password without a trailing newline. This is a superuser credential: use it only for the initialization steps below and keep it out of scripts and shell history.
Initializing and configuring the roles
- Download the initialization scripts.
  - If you have an Elastic Platinum license or have activated a trial license, download the following scripts:
  - If you have an Elastic Basic license, download the following scripts:

  For more information about these scripts, see Integrating Elastic Stack security.
- Forward the cluster HTTP port to your machine, for example:

  kubectl -n siren port-forward service/siren-es-http 9200
- In a different terminal window, execute the `initroles.sh` script:

  bash initroles.sh

- When prompted, enter the following information:
  - Elasticsearch username: Press kbd:[Enter].
  - Elasticsearch password: Enter the password of the `elastic` user.
  - Elasticsearch URL: Enter `https://localhost:9200`.
  - Investigate index prefix: Press kbd:[Enter].
  - Prefix for data indices managed through Investigate: Press kbd:[Enter].
  - Index pattern matching indices readable by Investigate users: Press kbd:[Enter].
  - curl flags: Enter `-k` to skip certificate validation. This is necessary because the certificate automatically generated by ECK does not list `localhost` as a valid hostname. `-k` disables all certificate checks for these calls, so use it only through the local port-forward; when you address the cluster by its service name instead, validate against the ECK CA rather than skipping validation.

  If the script is successful, you will see a list of replies from Elasticsearch confirming the creation of the default roles, for example:

  Creating investigate_system role... {"role":{"created":true}}
  Creating federate_system role... {"role":{"created":true}}
  Creating investigate_user role {"role":{"created":true}}
  Creating investigate_admin role {"role":{"created":true}}
- Execute the `initusers.sh` script and, when prompted, enter the following information:
  - Elasticsearch username: Press kbd:[Enter].
  - Elasticsearch password: Enter the password of the `elastic` user.
  - Elasticsearch URL: Enter `https://localhost:9200`.
  - Password of sirenserver user: Enter a password for the `sirenserver` user. Siren Investigate uses this account for its own connection to the cluster.
  - Password of federate user: Enter a password for the `federate` user. Siren Federate uses this account for internal operations on the cluster indices.
  - Password of sirenadmin user: Enter a password for the `sirenadmin` user. This user can sign in to Siren Investigate with administrative privileges (the `investigate_admin` role).
  - Password of sirenuser user: Enter a password for the `sirenuser` user. This user can sign in to Siren Investigate with a reduced set of privileges (the `investigate_user` role), for testing.
  - curl flags: Enter `-k` to skip certificate validation, for the same reason as above.

  Choose distinct, generated passwords for each account; the four users are separate identities with different roles, and sharing one password across them defeats the point of the role split.

  If the script is successful, you will see a list of replies from Elasticsearch confirming the creation of the users, for example:

  Creating sirenserver user {"created":true}
  Creating sirenadmin user {"created":true}
  Creating sirenuser user {"created":true}
  Creating federate system user {"created":true}
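A check worth running once both scripts have finished is to authenticate as each new account and confirm it carries the role you expect; this catches a mistyped password or a role bound to the wrong user before Investigate is deployed. The script below is an added example for this guide, not one of Siren's initialization scripts. It assumes the namespace and cluster are both named `siren` (as in the commands above), that the port-forward to `siren-es-http` is still running, that ECK has published its HTTP CA in the secret `siren-es-http-certs-public` under the key `ca.crt` with the service name `siren-es-http.siren.svc` among the certificate's names (ECK's defaults, but verify on your cluster), and that the passwords you entered are exported as `SIRENSERVER_PASSWORD`, `FEDERATE_PASSWORD`, `SIRENADMIN_PASSWORD` and `SIRENUSER_PASSWORD`. The user-to-role mapping is inferred from the role and user names this guide creates; check it against your copies of `initroles.sh` and `initusers.sh`.

```shell
#!/usr/bin/env bash
# Added example: verify the accounts created by initroles.sh / initusers.sh.
# Assumptions (not from the Siren guide): namespace "siren", cluster "siren",
# "kubectl -n siren port-forward service/siren-es-http 9200" running elsewhere,
# and the user passwords exported as <USER>_PASSWORD environment variables.
set -eu

NAMESPACE="${NAMESPACE:-siren}"
CLUSTER="${CLUSTER:-siren}"
# Service DNS name; assumed to be one of the SANs in ECK's generated certificate.
SVC_HOST="${CLUSTER}-es-http.${NAMESPACE}.svc"

# Same secret lookup the guide uses for the elastic password.
elastic_password() {
  kubectl -n "$NAMESPACE" get "secret/${CLUSTER}-es-elastic-user" \
    -o go-template='{{.data.elastic | base64decode}}'
}

# ECK publishes its HTTP CA in <cluster>-es-http-certs-public (key ca.crt).
# With --cacert and --resolve we validate the certificate and hostname while
# still connecting to the local port-forward, so -k is not needed.
fetch_ca() {
  kubectl -n "$NAMESPACE" get "secret/${CLUSTER}-es-http-certs-public" \
    -o go-template='{{index .data "ca.crt" | base64decode}}' > "$1"
}

# Role each account is expected to carry (mapping assumed from the names in
# this guide; elastic is the built-in superuser). Fails for unknown users.
expected_role() {
  case "$1" in
    elastic)     echo superuser ;;
    sirenserver) echo investigate_system ;;
    federate)    echo federate_system ;;
    sirenadmin)  echo investigate_admin ;;
    sirenuser)   echo investigate_user ;;
    *) return 1 ;;
  esac
}

# Succeeds if the JSON body from GET /_security/_authenticate lists $2 in "roles".
# No jq dependency: grep out the roles array, then match the quoted role name.
has_role() {
  local body="$1" role="$2" roles
  [ -n "$role" ] || return 1
  roles=$(printf '%s' "$body" | grep -o '"roles":\[[^]]*\]') || return 1
  case "$roles" in
    *"\"${role}\""*) return 0 ;;
    *) return 1 ;;
  esac
}

# Authenticate as $1 with password $2 through the port-forward and check the role.
# The credential is passed to curl via a config on stdin, not argv, so it does
# not show up in the process list.
verify_user() {
  local user="$1" password="$2" cafile="$3" role body
  role=$(expected_role "$user") || { echo "no expected role for $user" >&2; return 1; }
  body=$(printf 'user = "%s:%s"\n' "$user" "$password" | curl -sS -K - \
    --cacert "$cafile" --resolve "${SVC_HOST}:9200:127.0.0.1" \
    "https://${SVC_HOST}:9200/_security/_authenticate")
  if has_role "$body" "$role"; then
    echo "ok   $user has role $role"
  else
    echo "FAIL $user: expected role $role, got: $body" >&2
    return 1
  fi
}

main() {
  local cafile status=0 user var
  cafile=$(mktemp)
  trap 'rm -f "$cafile"' EXIT
  fetch_ca "$cafile"
  verify_user elastic "$(elastic_password)" "$cafile" || status=1
  for user in sirenserver federate sirenadmin sirenuser; do
    var="$(printf '%s' "$user" | tr '[:lower:]' '[:upper:]')_PASSWORD"
    verify_user "$user" "${!var:?set $var}" "$cafile" || status=1
  done
  return "$status"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${RUN_CHECKS:-0}" = 1 ]; then
  main
fi
```

Run it with `RUN_CHECKS=1 bash verify-siren-users.sh` after exporting the four passwords. A `FAIL` line for `sirenadmin` or `sirenuser` whose body shows the other role means the two prompts were answered in the wrong order; an `unable to authenticate` error means the stored password differs from the one you exported.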
Next steps
To deploy Siren Investigate on Kubernetes, see Setting up Siren Investigate on Kubernetes.
For more information about ECK options and scenarios, refer to Elastic’s ECK documentation.