[7.4][DOCS] Adds security content in the Elasticsearch Reference

docs/reference/index.asciidoc

@@ -54,7 +54,7 @@ include::data-rollup-transform.asciidoc[]
 
 include::high-availability.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
 include::{xes-repo-dir}/watcher/index.asciidoc[]
 

x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -18,7 +18,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -28,7 +28,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when the {security-features} detect that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

x-pack/docs/en/security/authentication/index.asciidoc

@@ -11,13 +11,8 @@ include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
 include::kerberos-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/oidc-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]
+include::oidc-guide.asciidoc[]

x-pack/docs/en/security/authorization/index.asciidoc

@@ -1,24 +1,13 @@
 
 include::overview.asciidoc[]
-
 include::built-in-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
-
+include::managing-roles.asciidoc[]
 include::privileges.asciidoc[]
-
 include::document-level-security.asciidoc[]
-
 include::field-level-security.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
-
+include::alias-privileges.asciidoc[]
+include::mapping-roles.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
+include::run-as-privilege.asciidoc[]
 include::configuring-authorization-delegation.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/custom-authorization.asciidoc[]
+include::custom-authorization.asciidoc[]

x-pack/docs/en/security/ccs-clients-integrations.asciidoc → x-pack/docs/en/security/ccs-clients-integrations/index.asciidoc

@@ -32,14 +32,9 @@ be secured as well, or at least communicate with the cluster in a secured way:
 * {kibana-ref}/secure-reporting.html[Reporting]
 * {winlogbeat-ref}/securing-beats.html[Winlogbeat]
 
-include::ccs-clients-integrations/cross-cluster.asciidoc[]
-
-include::ccs-clients-integrations/java.asciidoc[]
-
-include::ccs-clients-integrations/http.asciidoc[]
-
-include::ccs-clients-integrations/hadoop.asciidoc[]
-
-include::ccs-clients-integrations/beats.asciidoc[]
-
-include::ccs-clients-integrations/monitoring.asciidoc[]
+include::cross-cluster.asciidoc[]
+include::java.asciidoc[]
+include::http.asciidoc[]
+include::hadoop.asciidoc[]
+include::beats.asciidoc[]
+include::monitoring.asciidoc[]

x-pack/docs/en/security/ccs-clients-integrations/monitoring.asciidoc

@@ -1,7 +1,7 @@
 [[secure-monitoring]]
 === Monitoring and security
 
-The <<xpack-monitoring,{stack} {monitor-features}>> consist of two components:
+The {stack} {monitor-features} consist of two components:
 an agent that you install on on each {es} and Logstash node, and a Monitoring UI
 in {kib}. The monitoring agent collects and indexes metrics from the nodes
 and you visualize the data through the Monitoring dashboards in {kib}. The agent

x-pack/docs/en/security/configuring-es.asciidoc

@@ -139,13 +139,13 @@ Events are logged to a dedicated `<clustername>_audit.json` file in
 To walk through the configuration of {security-features} in {es}, {kib}, {ls}, and {metricbeat}, see
 {stack-ov}/security-getting-started.html[Getting started with security].
 
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/securing-elasticsearch.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
 
-include::{es-repo-dir}/security/securing-communications/separating-node-client-traffic.asciidoc[]
+include::securing-communications/separating-node-client-traffic.asciidoc[]
 
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
@@ -156,6 +156,6 @@ include::authentication/configuring-saml-realm.asciidoc[]
 
 include::authentication/configuring-kerberos-realm.asciidoc[]
 
-include::{es-repo-dir}/security/reference/files.asciidoc[]
+include::reference/files.asciidoc[]
 include::fips-140-compliance.asciidoc[]
 

x-pack/docs/en/security/get-started-builtin-users.asciidoc

@@ -0,0 +1,33 @@
+// tag::create-users[]
+There are <<built-in-users,built-in users>> that you can use for specific
+administrative purposes: `apm_system`, `beats_system`, `elastic`, `kibana`,
+`logstash_system`,  and `remote_monitoring_user`. 
+
+// end::create-users[]
+
+Before you can use them, you must set their passwords:
+
+. Restart {es}. For example, if you installed {es} with a `.tar.gz` package, run 
+the following command from the {es} directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch
+----------------------------------------------------------------------
+
+See {ref}/starting-elasticsearch.html[Starting {es}].
+--
+
+. Set the built-in users' passwords.
++
+--
+// tag::create-users[]
+Run the following command from the {es} directory:
+
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch-setup-passwords interactive
+----------------------------------------------------------------------
+// end::create-users[]
+--

x-pack/docs/en/security/get-started-enable-security.asciidoc

@@ -0,0 +1,35 @@
+When you use the basic and trial licenses, the {es} {security-features} are
+disabled by default. To enable them:
+
+. Stop {kib}. The method for starting and stopping {kib} varies depending on 
+how you installed it. For example, if you installed {kib} from an archive 
+distribution (`.tar.gz` or `.zip`), stop it by entering `Ctrl-C` on the command 
+line. See {kibana-ref}/start-stop.html[Starting and stopping {kib}]. 
+
+. Stop {es}. For example, if you installed {es} from an archive distribution, 
+enter `Ctrl-C` on the command line. See 
+{ref}/stopping-elasticsearch.html[Stopping {es}].
+
+. Add the `xpack.security.enabled` setting to the 
+`ES_PATH_CONF/elasticsearch.yml` file. 
++
+--
+TIP: The `ES_PATH_CONF` environment variable contains the path for the {es} 
+configuration files. If you installed {es} using archive distributions (`zip` or 
+`tar.gz`), it defaults to `ES_HOME/config`. If you used package distributions 
+(Debian or RPM), it defaults to `/etc/elasticsearch`. For more information, see 
+{ref}/settings.html[Configuring {es}].  
+
+For example, add the following setting:
+
+[source,yaml]
+----
+xpack.security.enabled: true
+----
+
+TIP: If you have a basic or trial license, the default value for this setting is 
+`false`. If you have a gold or higher license, the default value is `true`. 
+Therefore, it is a good idea to explicitly add this setting to avoid confusion 
+about whether {security-features} are enabled.  
+
+--

x-pack/docs/en/security/get-started-kibana-users.asciidoc

@@ -0,0 +1,62 @@
+When the {es} {security-features} are enabled, users must log in to {kib}
+with a valid user ID and password. 
+
+{kib} also performs some tasks under the covers that require use of the 
+built-in `kibana` user. 
+
+. Configure {kib} to use the built-in `kibana` user and the password that you 
+created:
+
+** If you don't mind having passwords visible in your configuration file, 
+uncomment and update the following settings in the `kibana.yml` file in your 
+{kib} directory:
++
+--
+TIP: If you installed {kib} using archive distributions (`zip` or 
+`tar.gz`), the `kibana.yml` configuration file is in `KIBANA_HOME/config`. If 
+you used package distributions (Debian or RPM), it's in `/etc/kibana`. For more 
+information, see {kibana-ref}/settings.html[Configuring {kib}].  
+
+For example, add the following settings:
+
+[source,yaml]
+----
+elasticsearch.username: "kibana"
+elasticsearch.password: "your_password"
+----
+
+Specify the password that you set with the `elasticsearch-setup-passwords` 
+command then save your changes to the file. 
+--
+
+** If you prefer not to put your user ID and password in the `kibana.yml` file, 
+store them in a keystore instead. Run the following commands to create the {kib} 
+keystore and add the secure settings:
++
+--
+// tag::store-kibana-user[]
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/kibana-keystore create
+./bin/kibana-keystore add elasticsearch.username
+./bin/kibana-keystore add elasticsearch.password
+----------------------------------------------------------------------
+
+When prompted, specify the `kibana` built-in user and its password for these 
+setting values.  The settings are automatically applied when you start {kib}.   
+To learn more, see {kibana-ref}/secure-settings.html[Secure settings].
+// end::store-kibana-user[]
+--
+
+. Restart {kib}. For example, if you installed 
+{kib} with a `.tar.gz` package, run the following command from the {kib} 
+directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/kibana
+----------------------------------------------------------------------
+
+See {kibana-ref}/start-stop.html[Starting and stopping {kib}]. 
+--