[6.5][DOCS] Adds security content in Elasticsearch Reference

docs/reference/index.asciidoc

@@ -59,9 +59,9 @@ include::monitoring/index.asciidoc[]
 
 include::rollup/index.asciidoc[]
 
-include::{xes-repo-dir}/watcher/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/watcher/index.asciidoc[]
 
 include::rest-api/index.asciidoc[]
 

x-pack/docs/en/security/auditing/event-types.asciidoc

@@ -18,7 +18,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -28,7 +28,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when the {security-features} detect that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

x-pack/docs/en/security/auditing/index.asciidoc

@@ -1,18 +1,6 @@
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/overview.asciidoc
 include::overview.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/event-types.asciidoc
 include::event-types.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-logfile.asciidoc
 include::output-logfile.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-index.asciidoc
 include::output-index.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/auditing-search-queries.asciidoc
 include::auditing-search-queries.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/forwarding-logs.asciidoc
 include::forwarding-logs.asciidoc[]

x-pack/docs/en/security/authentication/index.asciidoc

@@ -11,11 +11,7 @@ include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
 include::kerberos-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]

x-pack/docs/en/security/authorization/index.asciidoc

@@ -1,22 +1,11 @@
-
 include::overview.asciidoc[]
-
 include::built-in-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
-
+include::managing-roles.asciidoc[]
 include::privileges.asciidoc[]
-
 include::document-level-security.asciidoc[]
-
 include::field-level-security.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/custom-roles-provider.asciidoc[]
+include::alias-privileges.asciidoc[]
+include::mapping-roles.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
+include::run-as-privilege.asciidoc[]
+include::custom-roles-provider.asciidoc[]

x-pack/docs/en/security/configuring-es.asciidoc

@@ -8,8 +8,7 @@
 The {es} {security-features} enable you to easily secure a cluster. You can
 password-protect your data as well as implement more advanced security measures
 such as encrypting communications, role-based access control, IP filtering, and
-auditing. For more information, see
-{stack-ov}/elasticsearch-security.html[Securing the {stack}].
+auditing. 
 
 To use {es} {security-features}:
 
@@ -25,7 +24,7 @@ https://www.elastic.co/subscriptions and
 
 . Verify that the `xpack.security.enabled` setting is `true` on each node in
 your cluster. If you are using a trial license, the default value is `false`.
-For more information, see {ref}/security-settings.html[Security Settings in {es}].
+For more information, see <<security-settings>>.
 
 . If you plan to run {es} in a Federal Information Processing Standard (FIPS) 
 140-2 enabled JVM, see <<fips-140-compliance>>. 
@@ -37,7 +36,7 @@ NOTE: This requirement applies to clusters with more than one node and to
 clusters with a single node that listens on an external interface. Single-node
 clusters that use a loopback interface do not have this requirement.  For more
 information, see
-{stack-ov}/encrypting-communications.html[Encrypting Communications].
+<<encrypting-communications>>.
 
 --
 .. <<node-certificates,Generate node certificates for each of your {es} nodes>>.
@@ -50,7 +49,7 @@ information, see
 +
 --
 The {es} {security-features} provide
-{stack-ov}/built-in-users.html[built-in users] to
+<<built-in-users,built-in users>> to
 help you get up and running. The +elasticsearch-setup-passwords+ command is the
 simplest method to set the built-in users' passwords for the first time.
 
@@ -125,7 +124,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content
 xpack.security.audit.enabled: true
 ----------------------------
 +
-For more information, see {stack-ov}/auditing.html[Auditing Security Events] 
+For more information, see <<auditing>>
 and <<auditing-settings>>. 
 
 .. Restart {es}.
@@ -135,37 +134,18 @@ By default, events are logged to a dedicated `elasticsearch-access.log` file in
 easier analysis and control what events are logged. 
 --
 
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/securing-elasticsearch.asciidoc
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/configuring-tls-docker.asciidoc
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/enabling-cipher-suites.asciidoc
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
-include::{es-repo-dir}/security/securing-communications/separating-node-client-traffic.asciidoc[]
-
-:edit_url:
+include::securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/separating-node-client-traffic.asciidoc[]
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
 include::authentication/configuring-ldap-realm.asciidoc[]
 include::authentication/configuring-native-realm.asciidoc[]
 include::authentication/configuring-pki-realm.asciidoc[]
 include::authentication/configuring-saml-realm.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc
 include::authentication/configuring-kerberos-realm.asciidoc[]
-
-:edit_url: 
 include::fips-140-compliance.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/security-settings.asciidoc
 include::{es-repo-dir}/settings/security-settings.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/reference/files.asciidoc
-include::{es-repo-dir}/security/reference/files.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/audit-settings.asciidoc
+include::reference/files.asciidoc[]
 include::{es-repo-dir}/settings/audit-settings.asciidoc[]

x-pack/docs/en/security/get-started-security.asciidoc

@@ -27,7 +27,7 @@ example, http://127.0.0.1:5601[http://127.0.0.1:5601].
 [[get-started-license]]
 === Install a trial license
 
-include::{docdir}/get-started-trial.asciidoc[]
+include::get-started-trial.asciidoc[]
 
 [role="xpack"]
 [[get-started-enable-security]]
@@ -328,15 +328,15 @@ using the native realm. You learned how to create user IDs and roles that
 prevent unauthorized access to the {stack}. 
 
 Next, you'll want to try other features that are unlocked by your trial license, 
-such as {ml}. See <<ml-getting-started,Getting started with {ml}>>. 
+such as {ml}. See {stack-ov}/ml-getting-started.html[Getting started with {ml}]. 
 
 Later, when you're ready to increase the number of nodes in your cluster or set 
 up an production environment, you'll want to encrypt communications across the 
 {stack}. To learn how, read <<encrypting-communications>>. 
 
 For more detailed information about securing the {stack}, see:
 
-* {ref}/configuring-security.html[Configuring security in {es}]. Encrypt 
+* <<configuring-security,Configuring security in {es}>>. Encrypt 
 inter-node communications, set passwords for the built-in users, and manage your 
 users and roles.  
 

x-pack/docs/en/security/get-started-trial.asciidoc

@@ -17,5 +17,5 @@ major version, you cannot start a new trial. For example, if you have already
 activated a trial for v6.0, you cannot start a new trial until v7.0.
 
 At the end of the trial period, the platinum features operate in a 
-<<license-expiration,degraded mode>>. You can revert to a basic license, extend 
+{stack-ov}/license-expiration.html[degraded mode]. You can revert to a basic license, extend 
 the trial, or purchase a subscription. 

x-pack/docs/en/security/index.asciidoc

@@ -1,109 +1,39 @@
-[role="xpack"]
-[[elasticsearch-security]]
-= Securing the {stack}
+[[secure-cluster]]
+= Secure a cluster
 
 [partintro]
 --
 The {stack-security-features} enable you to easily secure a cluster. You can
 password-protect your data as well as implement more advanced security
 measures such as encrypting communications, role-based access control,
-IP filtering, and auditing. This guide describes how to configure the security
-features you need, and interact with your secured cluster.
-
-Security protects Elasticsearch clusters by:
-
-* <<preventing-unauthorized-access, Preventing unauthorized access>>
-  with password protection, role-based access control, and IP filtering.
-* <<preserving-data-integrity, Preserving the integrity of your data>>
-  with message authentication and SSL/TLS encryption.
-* <<maintaining-audit-trail, Maintaining an audit trail>>
-  so you know who's doing what to your cluster and the data it stores.
-
-[float]
-[[preventing-unauthorized-access]]
-=== Preventing unauthorized access
-
-To prevent unauthorized access to your Elasticsearch cluster, you must have a
-way to _authenticate_ users. This simply means that you need a way to validate
-that a user is who they claim to be. For example, you have to make sure only
-the person named _Kelsey Andorra_ can sign in as the user `kandorra`. The
-{es-security-features} provide a standalone authentication mechanism that enables
-you to quickly password-protect your cluster. If you're already using
-<<ldap-realm, LDAP>>, <<active-directory-realm, Active Directory>>, or
-<<pki-realm, PKI>> to manage users in your organization, the {security-features}
-are able to integrate with those systems to perform user authentication.
-
-In many cases, simply authenticating users isn't enough. You also need a way to
-control what data users have access to and what tasks they can perform. The
-{es-security-features} enable you to _authorize_ users by assigning access
-_privileges_ to _roles_ and assigning those roles to users. For example, this
-<<authorization,role-based access control>> mechanism (a.k.a RBAC) enables
-you to specify that the user `kandorra` can only perform read operations on the
-`events` index and can't do anything at all with other indices.
-
-The {security-features} also support <<ip-filtering, IP-based authorization>>.
-You can whitelist and blacklist specific IP addresses or subnets to control
-network-level access to a server.
-
-[float]
-[[preserving-data-integrity]]
-=== Preserving data integrity
-
-A critical part of security is keeping confidential data confidential.
-Elasticsearch has built-in protections against accidental data loss and
-corruption. However, there's nothing to stop deliberate tampering or data
-interception. The {stack-security-features} preserve the integrity of your
-data by <<ssl-tls, encrypting communications>> to and from nodes. For even
-greater protection, you can increase the <<ciphers, encryption strength>> and
-<<separating-node-client-traffic, separate client traffic from node-to-node communications>>.
-
-
-[float]
-[[maintaining-audit-trail]]
-=== Maintaining an audit trail
-
-Keeping a system secure takes vigilance. By using {stack-security-features} to
-maintain an audit trail, you can easily see who is accessing your cluster and
-what they're doing. By analyzing access patterns and failed attempts to access
-your cluster, you can gain insights into attempted attacks and data breaches.
-Keeping an auditable log of the activity in your cluster can also help diagnose
-operational issues.
-
-[float]
-=== Where to Go Next
-
-* <<security-getting-started, Getting Started>>
-  steps through how to install and start using Security for basic authentication.
-
-* <<how-security-works, How Security Works>>
-  provides more information about how Security supports user authentication,
-  authorization, and encryption.
-
+IP filtering, and auditing.
+
+* <<elasticsearch-security>>
+* <<configuring-security>>
+* <<how-security-works>>
+* <<setting-up-authentication>>
+* <<saml-guide>>
+* <<authorization>>
+* <<auditing>>
+* <<encrypting-communications>>
 * <<ccs-tribe-clients-integrations>>
-  shows you how to interact with an Elasticsearch cluster protected by the 
-  {stack-security-features}.
+* <<security-getting-started>>
+* <<encrypting-internode-communications>>
+* <<security-troubleshooting>>
+* <<security-limitations>>
 
-[float]
-=== Have Comments, Questions, or Feedback?
-
-Head over to our {security-forum}[Security Discussion Forum]
-to share your experience, questions, and suggestions.
 --
 
+include::overview.asciidoc[]
+include::configuring-es.asciidoc[]
 include::how-security-works.asciidoc[]
-
 include::authentication/index.asciidoc[]
-
 include::authorization/index.asciidoc[]
-
-include::{xes-repo-dir}/security/auditing/index.asciidoc[]
-
-include::{xes-repo-dir}/security/securing-communications.asciidoc[]
-
-include::{xes-repo-dir}/security/using-ip-filtering.asciidoc[]
-
-include::{xes-repo-dir}/security/tribe-clients-integrations.asciidoc[]
-
+include::auditing/index.asciidoc[]
+include::securing-communications/index.asciidoc[]
+include::using-ip-filtering.asciidoc[]
+include::tribe-clients-integrations/index.asciidoc[]
 include::get-started-security.asciidoc[]
-
 include::securing-communications/tutorial-tls-intro.asciidoc[]
+include::troubleshooting.asciidoc[]
+include::limitations.asciidoc[]

x-pack/docs/en/security/limitations.asciidoc

@@ -1,6 +1,9 @@
 [role="xpack"]
 [[security-limitations]]
 == Security limitations
+++++
+<titleabbrev>Limitations</titleabbrev>
+++++
 
 [float]
 === Plugins

docs/reference/security/securing-communications/enabling-cipher-suites.asciidoc → x-pack/docs/en/security/securing-communications/enabling-cipher-suites.asciidoc

@@ -1,6 +1,6 @@
 [role="xpack"]
 [[ciphers]]
-=== Enabling Cipher Suites for Stronger Encryption
+=== Enabling cipher suites for stronger encryption
 
 The TLS and SSL protocols use a cipher suite that determines the strength of
 encryption used to protect the data. You may want to increase the strength of