elastic · lcawl · Jul 27, 2018 · Jun 21, 2018 · Jun 22, 2018 · Jun 25, 2018
diff --git a/docs/en/stack/getting-started/get-started-stack.asciidoc b/docs/en/stack/getting-started/get-started-stack.asciidoc
@@ -198,7 +198,7 @@ and maps.
 To get started, we recommend that you install {kib} on the same server as {es},
 but it is not required. If you install the products on different servers, you'll
 need to change the URL (IP:PORT) of the {es} server in the {kib} configuration
-file, `config/kibana.yml`, before starting {kib}.
+file, `kibana.yml`, before starting {kib}.
 
 To download and install {kib}, open a terminal window and use the commands that
 work with your system:
@@ -483,6 +483,7 @@ The `setup` command loads the {kib} dashboards. If the dashboards are already
 set up, omit this command. The `-e` flag is optional and sends output to
 standard error instead of syslog.
 
+[[gs-start-metricbeat]]
 . Start {metricbeat}:
 +
 *deb and rpm:*
@@ -675,6 +676,7 @@ through {ls}, where you have full access to {ls} capabilities for collecting,
 enriching, and transforming data. 
 
 [float]
+[[gs-start-logstash]]
 ==== Start {ls}
 
 Use the command that works with your system. If you installed {ls} as a deb or

diff --git a/docs/en/stack/security/get-started-builtin-users.asciidoc b/docs/en/stack/security/get-started-builtin-users.asciidoc
@@ -0,0 +1,26 @@
+There are built-in users that you can use for specific administrative purposes:
+`elastic`, `kibana`, `logstash_system`, and `beats_system`. 
+
+Before you can use them, you must set their passwords:
+
+. Restart {es}. For example, if you installed {es} with a `.tar.gz` package, run 
+the following command from the {es} directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch
+----------------------------------------------------------------------
+
+See {ref}/starting-elasticsearch.html[Starting {es}].
+--
+
+. Set the built-in users' passwords. Run the following command from the {es} 
+directory:
++
+--
+["source","sh",subs="attributes,callouts"]
+----------------------------------------------------------------------
+./bin/elasticsearch-setup-passwords interactive
+----------------------------------------------------------------------
+--
diff --git a/docs/en/stack/security/get-started-enable-security.asciidoc b/docs/en/stack/security/get-started-enable-security.asciidoc
@@ -0,0 +1,34 @@
+When you use the trial license, {security} is disabled by default. To enable it:
+
+. Stop {kib}. The method for starting and stopping {kib} varies depending on 
+how you installed it. For example, if you installed {kib} from an archive 
+distribution (`.tar.gz` or `.zip`), stop it by entering `Ctrl-C` on the command 
+line. See {kibana-ref}/start-stop.html[Starting and stopping {kib}]. 
+
+. Stop {es}. For example, if you installed {es} from an archive distribution, 
+enter `Ctrl-C` on the command line. See 
+{ref}/stopping-elasticsearch.html[Stopping {es}].
+
+. Add the `xpack.security.enabled` setting to the 
+`ES_PATH_CONF/elasticsearch.yml` file. 
++
+--
+TIP: The `ES_PATH_CONF` environment variable contains the path for the {es} 
+configuration files. If you installed {es} using archive distributions (`zip` or 
+`tar.gz`), it defaults to `ES_HOME/config`. If you used package distributions 
+(Debian or RPM), it defaults to `/etc/elasticsearch`. For more information, see 
+{ref}/settings.html[Configuring {es}].  
+
+For example, add the following setting:
+
+[source,yaml]
+----
+xpack.security.enabled: true
+----
+
+--
+
+When you enable {security}, basic authentication is enabled by default. To 
+communicate with the cluster, you must specify a username and password.
+Unless you <<anonymous-access,enable anonymous access>>, all requests that don't 
+include a user name and password are rejected.