Today we will have some fun with ELK Stack and CentOS.

It seems that with the latest Kibana from the opendistro package update (1.12.0-1), Kibana is not able to bind to port 80 or 443 when it is running under a non-root account.

That is normal behavior, because the first 1024 ports are reserved and only root can bind to them.

You will see something similar to the following in the log file /var/log/messages:

61:7)\n    at process._tickCallback (internal/process/next_tick.js:63:19)\n  code: 'EACCES',\n  errno: 'EACCES',\n  syscall: 'listen',\n  address: '0.0.0.0',\n  port: 443 }"}
Feb 26 19:52:39 elk kibana[13973]: FATAL  Error: listen EACCES: permission denied 0.0.0.0:443
Feb 26 19:52:39 elk systemd[1]: kibana.service: Main process exited, code=exited, status=1/FAILURE
Feb 26 19:52:39 elk systemd[1]: kibana.service: Failed with result 'exit-code'.

To be able to bind to port 80 or 443, we need to set a new capability on Kibana's binaries. This can be done with the following commands as the root user:

# setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana
# setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-plugin
# setcap cap_net_bind_service=+epi /usr/share/kibana/bin/kibana-keystore
# setcap cap_net_bind_service=+epi /usr/share/kibana/node/bin/node

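With these commands executed, Kibana will be able to bind to the ports it needs. Keep in mind that the capability is attached to the files themselves, so any user who can execute /usr/share/kibana/node/bin/node can now bind to ports below 1024 with it. To check that Kibana is listening, we can execute the following command: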

# netstat -tenpula | grep LIST | grep 443

The output of this command should be similar to:
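Separately from the netstat check, the capability itself can be verified with getcap. The script below is an added example, not part of the original post: the helper names has_bind_cap and missing_bind_cap are hypothetical, the getcap lines are a constructed sample, and the paths are the ones from the setcap commands above.

```bash
#!/bin/sh
# Added example (not from the original post): find which of the files
# from the setcap commands lack an effective+permitted
# cap_net_bind_service, given `getcap` output on stdin.

# Paths taken from the setcap commands in the post.
KIBANA_FILES="/usr/share/kibana/bin/kibana
/usr/share/kibana/bin/kibana-plugin
/usr/share/kibana/bin/kibana-keystore
/usr/share/kibana/node/bin/node"

# has_bind_cap FILE (hypothetical helper name)
# Exit 0 if the getcap output on stdin shows FILE with cap_net_bind_service
# carrying both the e and p flags. Accepts both getcap layouts:
#   older libcap:  /path = cap_net_bind_service+eip
#   newer libcap:  /path cap_net_bind_service=eip
has_bind_cap() {
    awk -v f="$1" '
        $1 == f {
            for (i = 2; i <= NF; i++)
                if ($i ~ /(^|,)cap_net_bind_service(,|[+=])/) {
                    flags = $i
                    sub(/^.*[+=]/, "", flags)   # keep only the flag letters
                    if (flags ~ /e/ && flags ~ /p/) ok = 1
                }
        }
        END { exit !ok }'
}

# missing_bind_cap (hypothetical helper name)
# Print every path in KIBANA_FILES that fails has_bind_cap.
missing_bind_cap() (
    out=$(cat)
    while IFS= read -r file; do
        printf '%s\n' "$out" | has_bind_cap "$file" || printf '%s\n' "$file"
    done <<EOF
$KIBANA_FILES
EOF
)

# Constructed sample: keystore has only the inheritable flag, node has no entry.
SAMPLE_GETCAP="/usr/share/kibana/bin/kibana = cap_net_bind_service+eip
/usr/share/kibana/bin/kibana-plugin cap_net_bind_service=eip
/usr/share/kibana/bin/kibana-keystore = cap_net_bind_service+i"

printf '%s\n' "$SAMPLE_GETCAP" | missing_bind_cap

# On a real host: getcap $KIBANA_FILES | missing_bind_cap
```

File capabilities are stored on the file itself, so a package update that replaces these files removes them and the setcap commands have to be run again.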
