
OpenSearch Dashboards Installation and Configuration Guide - Part 3

Overview

This guide continues our comprehensive security infrastructure deployment, building upon the foundations established in Parts 1 and 2. We now have a secure OpenSearch indexer and Wazuh Manager operating in a production-ready configuration. In this section, we'll deploy OpenSearch Dashboards 2.15.0 to provide a web-based interface for security data visualization, analysis, and monitoring.

Prerequisites Review

Ensure completion of previous installation phases:

  • Part 1: Secure OpenSearch 2.15.0 installation with SSL/TLS configuration
  • Part 2: Wazuh Manager 4.12 deployment with secure indexer integration
  • ✅ Certificate Authority (CA) and certificate distribution infrastructure
  • ✅ Network security configuration and firewall rules

OpenSearch Dashboards Architecture

OpenSearch Dashboards serves as the primary user interface for security analysts and administrators, providing:

  • Data Visualization: Interactive charts, graphs, and dashboards for security metrics
  • Log Analysis: Advanced search and filtering capabilities across security events
  • Alerting Interface: Configuration and management of security alerts and notifications
  • User Management: Role-based access control and multi-tenancy support
  • Integration Platform: Extensible plugin architecture for custom security tools

Installation Process

System Prerequisites

Install required system packages for secure repository access and cryptographic operations:

# Install essential packages for secure repository management
sudo apt-get update && sudo apt-get -y install lsb-release ca-certificates curl gnupg2

Package Dependencies:

  • lsb-release: Linux Standard Base information for package compatibility
  • ca-certificates: Root certificate authorities for SSL/TLS verification
  • curl: Secure HTTP client for repository key retrieval
  • gnupg2: Advanced cryptographic operations for package verification

Repository Configuration

Import OpenSearch Release GPG Key

Following security best practices, verify package integrity through cryptographic signature validation:

# Import official OpenSearch Dashboards GPG key
curl -o- https://artifacts.opensearch.org/publickeys/opensearch-release.pgp | \
    sudo gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-release-keyring

Security Note: The OpenSearch Dashboards repository uses a different GPG key than the main OpenSearch repository, ensuring proper package verification for dashboard-specific components.

Repository Registration

Configure the OpenSearch Dashboards repository for version 3.x compatibility:

# Add OpenSearch Dashboards repository with GPG verification
echo "deb [signed-by=/usr/share/keyrings/opensearch-release-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/3.x/apt stable main" | \
    sudo tee /etc/apt/sources.list.d/opensearch-dashboards-3.x.list

Repository Verification

Validate repository configuration and package availability:

# Update package cache and verify repository access
sudo apt-get update
 
# List all available OpenSearch Dashboards versions; confirm 2.15.0 is among them before installing
sudo apt list -a opensearch-dashboards

Version-Specific Installation

Install OpenSearch Dashboards version 2.15.0 to maintain compatibility with your existing OpenSearch infrastructure:

# Install specific version with compatibility assurance
sudo apt-get install opensearch-dashboards=2.15.0

Version Compatibility Matrix:

  • OpenSearch 2.15.0 ↔ OpenSearch Dashboards 2.15.0
  • Wazuh Manager 4.12 ↔ OpenSearch Dashboards 2.15.0
  • Certificate infrastructure established in Part 1

Security Configuration

SSL/TLS Certificate Deployment

Deploy the certificates generated in Part 1 to secure both client-to-dashboard and dashboard-to-OpenSearch communications:

# Define dashboard node name from certificate generation
NODE_NAME=dashboard
 
# Create secure certificate directory
mkdir /etc/opensearch-dashboards/certs
 
# Extract dashboard-specific certificates
tar -xf ./wazuh-certificates.tar -C /etc/opensearch-dashboards/certs/ \
    ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
 
# Standardize certificate naming for configuration consistency
mv -n /etc/opensearch-dashboards/certs/$NODE_NAME.pem /etc/opensearch-dashboards/certs/dashboard.pem
mv -n /etc/opensearch-dashboards/certs/$NODE_NAME-key.pem /etc/opensearch-dashboards/certs/dashboard-key.pem
 
# Apply security-hardened permissions
chmod 500 /etc/opensearch-dashboards/certs           # Directory: read/execute for owner
chmod 400 /etc/opensearch-dashboards/certs/*         # Files: read-only for owner
chown -R opensearch-dashboards:opensearch-dashboards /etc/opensearch-dashboards/certs

Comprehensive Dashboard Configuration

Create a production-ready configuration file at /etc/opensearch-dashboards/opensearch_dashboards.yml:

# =================================================================
# OpenSearch Dashboards Security Configuration
# =================================================================
 
# Dashboard Server Network Configuration
server.host: bonsaii.local
server.port: 5601
 
# OpenSearch Cluster Connection
opensearch.hosts: ["https://bonsaii.local:9200"]
 
# =================================================================
# SSL/TLS Security Settings
# =================================================================
 
# Dashboard-to-OpenSearch Communication Security
opensearch.ssl.verificationMode: certificate
opensearch.ssl.certificateAuthorities: ["/etc/opensearch-dashboards/certs/root-ca.pem"]
 
# Client-to-Dashboard HTTPS Configuration
server.ssl.enabled: true
server.ssl.key: "/etc/opensearch-dashboards/certs/dashboard-key.pem"
server.ssl.certificate: "/etc/opensearch-dashboards/certs/dashboard.pem"
 
# =================================================================
# Authentication and Authorization
# =================================================================
 
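# Service Account Credentials for OpenSearch Connection
# (kibanaserver/kibanaserver is the default pair; change it as the post-installation checklist requires)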
opensearch.username: kibanaserver
opensearch.password: kibanaserver
 
# HTTP Header Management for Security Context
opensearch.requestHeadersAllowlist: ["authorization", "securitytenant"]
 
# =================================================================
# Multi-Tenancy and Access Control
# =================================================================
 
# Enable multi-tenant architecture for organizational security
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 
# =================================================================
# Security Hardening Options
# =================================================================
 
# Disable telemetry for enhanced privacy
telemetry.enabled: false
 
# XSRF allowlist: requests to these paths skip the XSRF header check, so keep the list minimal
server.xsrf.allowlist: ["/api/saved_objects/_bulk_create"]
 
# Authentication type for the security plugin (basic authentication)
opensearch_security.auth.type: "basicauth"

Configuration Security Analysis:

  1. Network Binding: Binds to specific hostname rather than all interfaces (0.0.0.0)
  2. Certificate Verification: Enforces full certificate chain validation
  3. Mutual TLS: Establishes encrypted communication channels
  4. Multi-Tenancy: Enables organizational data separation
  5. Access Control: Implements role-based security model
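
The points above can be checked mechanically against the file on disk. The script below is an added example, not part of the original guide or of OpenSearch Dashboards; the function names yml_get and audit_dashboards_config are hypothetical, and it assumes the flat "key: value" layout used in the configuration above. It also surfaces two things the list does not spell out: verificationMode certificate validates the CA chain without checking the hostname, and the kibanaserver password shown is the default.

```sh
#!/bin/sh
# Added example (not from the guide or the OpenSearch project): audit the flat
# "key: value" settings that this guide writes to opensearch_dashboards.yml.

# yml_get FILE KEY: print the value of a top-level "KEY: value" line.
yml_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            sub(/[ \t]+#.*$/, "", v)               # drop trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)         # trim whitespace
            gsub(/^"|"$/, "", v)                   # strip double quotes
            val = v
        }
        END { print val }' "$1"
}

# audit_dashboards_config FILE: print findings, return the number of FAILs.
audit_dashboards_config() {
    f=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    [ "$(yml_get "$f" server.ssl.enabled)" = "true" ] ||
        fail "server.ssl.enabled is not true; browser sessions are unencrypted"
    case "$(yml_get "$f" server.host)" in
        0.0.0.0|"::") fail "server.host binds every interface" ;;
    esac
    case "$(yml_get "$f" opensearch.hosts)" in
        *http://*) fail "opensearch.hosts uses plaintext http://" ;;
    esac
    case "$(yml_get "$f" opensearch.ssl.verificationMode)" in
        none) fail "opensearch.ssl.verificationMode is none; any certificate is accepted" ;;
        certificate) echo "WARN: verificationMode certificate validates the CA chain but skips the hostname check; full does both" ;;
    esac
    if [ "$(yml_get "$f" opensearch.password)" = "kibanaserver" ]; then
        fail "opensearch.password is still the default kibanaserver"
    fi
    return "$fails"
}

# Constructed sample: the audited settings exactly as this guide sets them.
sample_config() {
    printf '%s\n' 'server.host: bonsaii.local' 'server.ssl.enabled: true' \
        'opensearch.hosts: ["https://bonsaii.local:9200"]' \
        'opensearch.ssl.verificationMode: certificate' \
        'opensearch.password: kibanaserver'
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_dashboards_config "$tmp" || echo "failures: $?"
rm -f "$tmp"
```

On the dashboard host, call audit_dashboards_config with /etc/opensearch-dashboards/opensearch_dashboards.yml; the return value is the number of FAIL findings.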

Service Management

Version Control and Updates

Prevent automatic updates that could compromise system stability:

# Lock OpenSearch Dashboards at current version
sudo apt-mark hold opensearch-dashboards

Service Initialization

Configure and start the OpenSearch Dashboards service:

# Reload systemd configuration
systemctl daemon-reload
 
# Enable automatic startup at boot
systemctl enable opensearch-dashboards
 
# Start the service
systemctl start opensearch-dashboards

Service Verification

Confirm successful service startup and configuration:

# Check service status and recent logs
systemctl status opensearch-dashboards
 
# Monitor real-time service logs
journalctl -u opensearch-dashboards -f
 
# Verify network port binding
netstat -tlnp | grep :5601

Access and Initial Configuration

Web Interface Access

Access the OpenSearch Dashboards interface via secure HTTPS:

https://bonsaii.local:5601

Initial Login Credentials:

  • Username: admin
  • Password: <custom-admin-password> (set during OpenSearch installation)

Post-Installation Security Checklist

  1. Change Default Passwords: Immediately update default service account passwords
  2. Create User Roles: Establish role-based access control for different user types
  3. Configure Tenants: Set up organizational tenants for data separation
  4. Enable Audit Logging: Activate comprehensive audit trails
  5. Configure SSL/TLS: Verify certificate validity and expiration dates

Integration Verification

Dashboard-to-OpenSearch Connectivity

Verify secure communication between dashboard and OpenSearch:

# Check dashboard logs for OpenSearch connection status
tail -f /var/log/opensearch-dashboards/opensearch_dashboards.log | grep -i "elasticsearch\|opensearch"
 
# Verify SSL certificate validation against the deployment's root CA
openssl s_client -connect bonsaii.local:9200 -servername bonsaii.local \
    -CAfile /etc/opensearch-dashboards/certs/root-ca.pem </dev/null

Wazuh Integration Validation

Confirm that Wazuh data is accessible through the dashboard:

# Check for Wazuh indices in OpenSearch
curl -X GET "https://bonsaii.local:9200/_cat/indices/wazuh*" \
    -u 'admin:<your-secure-password>' --cacert /etc/opensearch-dashboards/certs/root-ca.pem
 
# Verify the dashboard status API responds over HTTPS
curl -X GET "https://bonsaii.local:5601/api/status" \
    --cert /etc/opensearch-dashboards/certs/dashboard.pem \
    --key /etc/opensearch-dashboards/certs/dashboard-key.pem \
    --cacert /etc/opensearch-dashboards/certs/root-ca.pem

Troubleshooting Common Issues

Certificate Issues

# Verify certificate chain and validity
openssl verify -CAfile /etc/opensearch-dashboards/certs/root-ca.pem \
    /etc/opensearch-dashboards/certs/dashboard.pem
 
# Check certificate expiration dates
openssl x509 -in /etc/opensearch-dashboards/certs/dashboard.pem -noout -dates

Connection Issues

# Test OpenSearch connectivity from dashboard server
curl -X GET "https://bonsaii.local:9200/_cluster/health" \
    --cert /etc/opensearch-dashboards/certs/dashboard.pem \
    --key /etc/opensearch-dashboards/certs/dashboard-key.pem \
    --cacert /etc/opensearch-dashboards/certs/root-ca.pem
 
# Verify DNS resolution
nslookup bonsaii.local

Performance Issues

# Monitor dashboard memory usage
ps aux | grep opensearch-dashboards
 
# Check disk space for logs
df -h /var/log/opensearch-dashboards/

Production Hardening Recommendations

Network Security

  1. Firewall Rules: Restrict access to port 5601 to authorized networks only
  2. Reverse Proxy: Consider using Nginx or Apache as a reverse proxy with additional security headers
  3. VPN Access: Require VPN connectivity for remote dashboard access

Application Security

  1. Session Management: Implement secure session timeouts and logout procedures
  2. Content Security Policy: Deploy strict CSP headers to prevent XSS attacks
  3. Rate Limiting: Implement request rate limiting to prevent abuse

Monitoring and Alerting

  1. Health Checks: Implement automated health monitoring for dashboard availability
  2. Performance Metrics: Monitor response times and resource utilization
  3. Security Alerts: Configure alerts for authentication failures and suspicious activities

Integration with Security Workflow

Dashboard Customization

Create security-focused dashboards for different operational needs:

  1. Executive Dashboard: High-level security metrics and KPIs
  2. Analyst Dashboard: Detailed threat intelligence and investigation tools
  3. Compliance Dashboard: Regulatory compliance monitoring and reporting
  4. Incident Response Dashboard: Real-time threat detection and response metrics

Automation Integration

Connect dashboards with security automation tools:

  1. SOAR Platforms: Integrate with Security Orchestration, Automation, and Response tools
  2. Ticketing Systems: Automated incident ticket creation from dashboard alerts
  3. Threat Intelligence: Integration with external threat intelligence feeds

Conclusion

OpenSearch Dashboards now provides a secure, web-based interface for your comprehensive security infrastructure. The implementation includes:

  • ✅ Secure HTTPS access with proper certificate validation
  • ✅ Multi-tenant architecture for organizational data separation
  • ✅ Role-based access control for different security personnel
  • ✅ Integration with OpenSearch and Wazuh for comprehensive security monitoring
  • ✅ Production-ready security configurations and hardening measures

Current Infrastructure Status:

  • Part 1: Secure OpenSearch indexer with SSL/TLS ✅
  • Part 2: Wazuh Manager with vulnerability detection ✅
  • Part 3: OpenSearch Dashboards with secure web interface ✅

Next Phase: Agent deployment, rule customization, and advanced threat detection configuration will complete your enterprise security infrastructure.

This dashboard serves as the central command center for your security operations, providing the visualization and analysis capabilities necessary for effective threat detection, incident response, and security compliance monitoring.
