Missing privilege in docs for securing filebeat

[DanRoscigno]

For confirmed bugs, please report:

• Version: Filebeat 7.3
• Operating System: Linux (Ubuntu 18 LTS)
• Steps to Reproduce:
  • Configure a role "beat-writer" with Kibana that contains the roles as documented in filebeat docs
  • Run filebeat setup:

  sudo filebeat setup \
    -E cloud.id=<my cloud id> \
    -E cloud.auth=\${ES_SETUP_USER}:\${ES_SETUP_PASSWORD}`
  

  • Configure filebeat.yml using the new writer user
  • sudo filebeat -e

Fix: Add manage_index_templates permission to the role. I tried to write a PR for the docs, but I could not figure out where to add it. My asciidoc skills must be worse than my nunchuck skills today.

[dedemorton]

I'd like to stick with our recommendation that users pre-load the index template (using a setup role) before they run Filebeat. I'll update the security docs as described in issue #10241 (comment) to make it more explicit that users need to either disable the option to automatically load the index template, or grant additional privileges.

[DanRoscigno]

Thanks @dedemorton.

[dedemorton]

@DanRoscigno I think your concerns will be addressed in #13847 and #13849. Can I close this issue, or do you want to keep it open?

Strike that...I'm closing and you can reopen it if you feel that's necessary.