codingchili / kibana-mithril

Kibana nodejs/hapi plugin adds support for LDAP and 2-factor OTP authentication to dashboards.
https://kibana-mithril.com/
MIT License
51 stars 24 forks source link
2-factor javascript kibana kibana-plugin ldap nodejs otp plugin security

kibana-mithril Build Status

A plugin that adds authentication to Kibana dashboards! YouTube demo

⚠️⚠️⚠️ This plugin depends on outdated third-party dependencies with known vulnerabilities. ⚠️⚠️⚠️

key setup

Installing

To install the plugin use the kibana-plugin utility, example:

./kibana-plugin install 'https://github.com/codingchili/kibana-mithril/releases/download/1.2.2/mithril-windows-x86_64-7.0.0-beta1.zip'

Make sure that the kibana version and platform matches.

If there are no releases for your specific version/platform combination please submit a request or build it yourself.

To add a new user run the adduser utility, not supported in LDAP mode.

node adduser.js USERNAME PASSWORD

Configuration

To set where credentials are stored, change 'storage' in config.json. The supported modes are:

Two factor authentication can be disabled by setting 'two-factor.enabled' to false.

Defaults

File

This needs to be configured when using LDAP with two-factor authentication since the secret keys cannot be stored in the LDAP directory.

MongoDB

When using mongoDB as a credentials store, 2FA secrets are also stored in the database.

Note: does not support servers that requires authentication.

Ldap

In config.js there is some sample configuration for setting up LDAP connectivity.

Make sure to set the correct version in json.config. The version must match the version of Kibana being used. If you are using file-based authentication, make sure to remove the default user.

Features

Building the plugin

To check out the sources and build the plugin do the following

git clone https://github.com/codingchili/kibana-mithril
cd kibana-mithril
npm install
mocha test --recursive -u tdd

To build an installable zip run the following script

# make sure to match the kibana version
./release.sh <kibana-version>
# example:
./release.sh 6.6.0

This creates an installable zip in build/dist/.

The script can either be executed on a windows machine with gitbash or WSL or on a linux system. jq needs to be installed and available on the path for the script to work.

Dependencies

To compile the binary module argon2-ffi build tools are requried, install with

windows: 
  npm install --global --production windows-build-tools
unix:    
  sudo apt-get install build-essential libssl-dev libffi-dev python-dev

This installs MS build tools and python 2.7 and is required for node-gyp to work.

Troubleshooting

If the Kibana instance is already running it may be set to reload all plugins on change, if not then try restarting the instance.

Kibana compatibility matrix

If you have issues installing the plugin,

Known issues

Maintaining kibana plugins is hard work, the JS world is full of shifting paradigms and backwards compatibility is seldom prioritized. Lack of documentation and quality is a constant nightmare. Due to the heavy cost of upgrading there are few resources for adding new features. The upgrade from Kibana 6.3.2 to 6.4.X came with a truckload of breaking changes and took a week to finish.

Contributing

Any contributions are welcome, new issues, pull requests, security reviews!

donate