elastic · lcawl · Oct 17, 2019 · Oct 16, 2019
diff --git a/docs/reference/index.asciidoc b/docs/reference/index.asciidoc
@@ -59,9 +59,9 @@ include::monitoring/index.asciidoc[]
 
 include::rollup/index.asciidoc[]
 
-include::{xes-repo-dir}/watcher/index.asciidoc[]
+include::{xes-repo-dir}/security/index.asciidoc[]
 
-include::security/index.asciidoc[]
+include::{xes-repo-dir}/watcher/index.asciidoc[]
 
 include::rest-api/index.asciidoc[]
 

diff --git a/docs/reference/security/index.asciidoc b/docs/reference/security/index.asciidoc
diff --git a/x-pack/docs/en/security/auditing/event-types.asciidoc b/x-pack/docs/en/security/auditing/event-types.asciidoc
@@ -16,7 +16,7 @@ The following is a list of the events that can be generated:
                                           realm type.
 | `access_denied`                   | | | Logged when an authenticated user attempts to execute
                                           an action they do not have the necessary
-                                          <<security-reference, privilege>> to perform.
+                                          <<security-privileges,privilege>> to perform.
 | `access_granted`                  | | | Logged when an authenticated user attempts to execute
                                           an action they have the necessary privilege to perform.
                                           When the `system_access_granted` event is included, all system
@@ -26,7 +26,7 @@ The following is a list of the events that can be generated:
                                           another user that they have the necessary privileges to do.
 | `run_as_denied`                   | | | Logged when an authenticated user attempts to <<run-as-privilege, run as>>
                                           another user action they do not have the necessary
-                                          <<security-reference, privilege>> to do so.
+                                          <<security-privileges,privilege>> to do so.
 | `tampered_request`                | | | Logged when {security} detects that the request has
                                           been tampered with. Typically relates to `search/scroll`
                                           requests when the scroll ID is believed to have been

diff --git a/x-pack/docs/en/security/auditing/index.asciidoc b/x-pack/docs/en/security/auditing/index.asciidoc
@@ -1,15 +1,6 @@
 
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/overview.asciidoc
 include::overview.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/event-types.asciidoc
 include::event-types.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-logfile.asciidoc
 include::output-logfile.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/output-index.asciidoc
 include::output-index.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/auditing/forwarding-logs.asciidoc
 include::forwarding-logs.asciidoc[]
diff --git a/x-pack/docs/en/security/authentication/index.asciidoc b/x-pack/docs/en/security/authentication/index.asciidoc
@@ -10,11 +10,7 @@ include::native-realm.asciidoc[]
 include::pki-realm.asciidoc[]
 include::saml-realm.asciidoc[]
 include::kerberos-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/custom-realm.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/anonymous-access.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/user-cache.asciidoc[]
-
-include::{xes-repo-dir}/security/authentication/saml-guide.asciidoc[]
+include::custom-realm.asciidoc[]
+include::anonymous-access.asciidoc[]
+include::user-cache.asciidoc[]
+include::saml-guide.asciidoc[]
diff --git a/x-pack/docs/en/security/authorization/index.asciidoc b/x-pack/docs/en/security/authorization/index.asciidoc
@@ -1,22 +1,12 @@
 
 include::overview.asciidoc[]
-
 include::built-in-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/managing-roles.asciidoc[]
-
+include::managing-roles.asciidoc[]
 include::privileges.asciidoc[]
-
 include::document-level-security.asciidoc[]
-
 include::field-level-security.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/alias-privileges.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/mapping-roles.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/field-and-document-access-control.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/run-as-privilege.asciidoc[]
-
-include::{xes-repo-dir}/security/authorization/custom-roles-provider.asciidoc[]
+include::alias-privileges.asciidoc[]
+include::mapping-roles.asciidoc[]
+include::field-and-document-access-control.asciidoc[]
+include::run-as-privilege.asciidoc[]
+include::custom-roles-provider.asciidoc[]
diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc
@@ -8,8 +8,7 @@
 {security} enables you to easily secure a cluster. With {security}, you can
 password-protect your data as well as implement more advanced security measures
 such as encrypting communications, role-based access control, IP filtering, and
-auditing. For more information, see
-{xpack-ref}/xpack-security.html[Securing the Elastic Stack].
+auditing.
 
 To use {security} in {es}:
 
@@ -20,12 +19,12 @@ If you want to try all of the {xpack} features, you can start a 30-day trial. At
 the end of the trial period, you can purchase a subscription to keep using the
 full functionality of the {xpack} components. For more information, see
 https://www.elastic.co/subscriptions and
-{xpack-ref}/license-management.html[License Management].
+{stack-ov}/license-management.html[License management].
 --
 
 . Verify that the `xpack.security.enabled` setting is `true` on each node in
 your cluster. If you are using a trial license, the default value is `false`.
-For more information, see {ref}/security-settings.html[Security Settings in {es}].
+For more information, see <<security-settings>>.
 
 . If you plan to run {es} in a Federal Information Processing Standard (FIPS) 
 140-2 enabled JVM, see <<fips-140-compliance>>. 
@@ -37,7 +36,7 @@ NOTE: This requirement applies to clusters with more than one node and to
 clusters with a single node that listens on an external interface. Single-node
 clusters that use a loopback interface do not have this requirement.  For more
 information, see
-{xpack-ref}/encrypting-communications.html[Encrypting Communications].
+<<encrypting-communications>>.
 
 --
 .. <<node-certificates,Generate node certificates for each of your {es} nodes>>.
@@ -50,7 +49,7 @@ information, see
 +
 --
 {security} provides
-{stack-ov}/built-in-users.html[built-in users] to
+<<built-in-users,built-in users>> to
 help you get up and running. The +elasticsearch-setup-passwords+ command is the
 simplest method to set the built-in users' passwords for the first time.
 
@@ -125,7 +124,7 @@ curl -XPOST -u elastic 'localhost:9200/_xpack/security/user/johndoe' -H "Content
 xpack.security.audit.enabled: true
 ----------------------------
 +
-For more information, see {xpack-ref}/auditing.html[Auditing Security Events] 
+For more information, see <<auditing>>
 and <<auditing-settings>>. 
 
 .. Restart {es}.
@@ -135,33 +134,17 @@ By default, events are logged to a dedicated `elasticsearch-access.log` file in
 easier analysis and control what events are logged. 
 --
 
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/securing-elasticsearch.asciidoc
-include::{es-repo-dir}/security/securing-communications/securing-elasticsearch.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/configuring-tls-docker.asciidoc
-include::{es-repo-dir}/security/securing-communications/configuring-tls-docker.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/enabling-cipher-suites.asciidoc
-include::{es-repo-dir}/security/securing-communications/enabling-cipher-suites.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/security/securing-communications/separating-node-client-traffic.asciidoc
-include::{es-repo-dir}/security/securing-communications/separating-node-client-traffic.asciidoc[]
-
-:edit_url:
+include::securing-communications/securing-elasticsearch.asciidoc[]
+include::securing-communications/configuring-tls-docker.asciidoc[]
+include::securing-communications/enabling-cipher-suites.asciidoc[]
+include::securing-communications/separating-node-client-traffic.asciidoc[]
 include::authentication/configuring-active-directory-realm.asciidoc[]
 include::authentication/configuring-file-realm.asciidoc[]
 include::authentication/configuring-ldap-realm.asciidoc[]
 include::authentication/configuring-native-realm.asciidoc[]
 include::authentication/configuring-pki-realm.asciidoc[]
 include::authentication/configuring-saml-realm.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/x-pack/docs/en/security/authentication/configuring-kerberos-realm.asciidoc
 include::authentication/configuring-kerberos-realm.asciidoc[]
-
-:edit_url: 
 include::fips-140-compliance.asciidoc[]
-
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/security-settings.asciidoc
 include::{es-repo-dir}/settings/security-settings.asciidoc[]
-:edit_url: https://github.com/elastic/elasticsearch/edit/{branch}/docs/reference/settings/audit-settings.asciidoc
 include::{es-repo-dir}/settings/audit-settings.asciidoc[]
diff --git a/x-pack/docs/en/security/fips-140-compliance.asciidoc b/x-pack/docs/en/security/fips-140-compliance.asciidoc
@@ -114,7 +114,7 @@ features are not available while running in fips mode. The list is as follows:
 
 * Azure Classic Discovery Plugin
 * Ingest Attachment Plugin
-* The {ref}/certutil.html[`elasticsearch-certutil`] tool. However,
+* The <<certutil,`elasticsearch-certutil`>> tool. However,
  `elasticsearch-certutil` can very well be used in a non FIPS 140-2
   enabled JVM (pointing `JAVA_HOME` environment variable to a different java
   installation) in order to generate the keys and certificates that

diff --git a/x-pack/docs/en/security/get-started-builtin-users.asciidoc b/x-pack/docs/en/security/get-started-builtin-users.asciidoc
@@ -12,7 +12,7 @@ the following command from the {es} directory:
 ./bin/elasticsearch
 ----------------------------------------------------------------------
 
-See {ref}/starting-elasticsearch.html[Starting {es}].
+See <<starting-elasticsearch>>.
 --
 
 . Set the built-in users' passwords. Run the following command from the {es} 

diff --git a/x-pack/docs/en/security/get-started-enable-security.asciidoc b/x-pack/docs/en/security/get-started-enable-security.asciidoc
@@ -7,7 +7,7 @@ line. See {kibana-ref}/start-stop.html[Starting and stopping {kib}].
 
 . Stop {es}. For example, if you installed {es} from an archive distribution, 
 enter `Ctrl-C` on the command line. See 
-{ref}/stopping-elasticsearch.html[Stopping {es}].
+<<stopping-elasticsearch>>.
 
 . Add the `xpack.security.enabled` setting to the 
 `ES_PATH_CONF/elasticsearch.yml` file. 
@@ -17,7 +17,7 @@ TIP: The `ES_PATH_CONF` environment variable contains the path for the {es}
 configuration files. If you installed {es} using archive distributions (`zip` or 
 `tar.gz`), it defaults to `ES_HOME/config`. If you used package distributions 
 (Debian or RPM), it defaults to `/etc/elasticsearch`. For more information, see 
-{ref}/settings.html[Configuring {es}].  
+<<settings>>.  
 
 For example, add the following setting:
 

diff --git a/x-pack/docs/en/security/get-started-security.asciidoc b/x-pack/docs/en/security/get-started-security.asciidoc
@@ -328,15 +328,15 @@ using the native realm. You learned how to create user IDs and roles that
 prevent unauthorized access to the {stack}. 
 
 Next, you'll want to try other features that are unlocked by your trial license, 
-such as {ml}. See <<ml-getting-started,Getting started with {ml}>>. 
+such as {ml}. See {stack-ov}/ml-getting-started.html[Getting started with {ml}]. 
 
 Later, when you're ready to increase the number of nodes in your cluster or set 
 up an production environment, you'll want to encrypt communications across the 
 {stack}. To learn how, read <<encrypting-communications>>. 
 
 For more detailed information about securing the {stack}, see:
 
-* {ref}/configuring-security.html[Configuring security in {es}]. Encrypt 
+* <<configuring-security,Configuring security in {es}>>. Encrypt 
 inter-node communications, set passwords for the built-in users, and manage your 
 users and roles.  
 

diff --git a/x-pack/docs/en/security/get-started-trial.asciidoc b/x-pack/docs/en/security/get-started-trial.asciidoc
@@ -17,5 +17,5 @@ major version, you cannot start a new trial. For example, if you have already
 activated a trial for v6.0, you cannot start a new trial until v7.0.
 
 At the end of the trial period, the platinum features operate in a 
-<<license-expiration,degraded mode>>. You can revert to a basic license, extend 
+{stack-ov}/license-expiration.html[degraded mode]. You can revert to a basic license, extend 
 the trial, or purchase a subscription.