Elasticsearch cluster security

Access control

Never ever run Elasticsearch as root!

Scripts

script.inline: false  
script.stored: false  
script.file:   true

script.inline allows running scripts provided inline in API requests. script.stored allows running stored scripts through the API. script.file allows running scripts that are stored on the filesystem: /etc/elasticsearch/scripts (rpm or deb) or config/scripts (zip, tar).

Read more about scripting in Elasticsearch, e.g. the Java security policy: https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-security.html

 

Allow_explicit_index

rest.action.multi.allow_explicit_index: false

Elasticsearch will now reject multi-search, multi-get and bulk requests that specify an explicit index in the request body.

https://www.elastic.co/guide/en/elasticsearch/reference/current/url-access-control.html
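One way to check an elasticsearch.yml against the script and allow_explicit_index values given above. This is an added example, not code from the original page or from Elasticsearch. The function names and the sample config are hypothetical, and the parser assumes only the simple key/value subset of YAML. It accepts both the flat and the nested spelling of a key, which a plain grep for "script.inline" would miss.

```python
import re

# Values this page recommends for elasticsearch.yml
RECOMMENDED = {
    "script.inline": "false",
    "script.stored": "false",
    "script.file": "true",
    "rest.action.multi.allow_explicit_index": "false",
}

# Constructed sample config (not from a real cluster)
SAMPLE = """\
cluster.name: demo
script:
  inline: true        # nested spelling of script.inline
  stored: false
script.file: true
"""

def flatten_settings(text):
    """Flatten flat ('a.b: v') and nested ('a:' / '  b: v') keys to dotted names."""
    settings, stack = {}, []          # stack entries: (indent, dotted prefix)
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()   # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        while stack and stack[-1][0] >= indent:       # leave finished blocks
            stack.pop()
        full = (stack[-1][1] + "." if stack else "") + key.strip()
        value = value.strip().strip("'\"")
        if value:
            settings[full] = value
        else:
            stack.append((indent, full))              # opens a nested block
    return settings

def audit(text):
    """Return (setting, found, recommended); found is None when not set explicitly."""
    settings = flatten_settings(text)
    return [(k, settings.get(k), want) for k, want in RECOMMENDED.items()
            if (settings.get(k) or "").lower() != want]

if __name__ == "__main__":
    for key, found, want in audit(SAMPLE):
        print(f"{key}: found {found!r}, page recommends {want}")
```

A setting reported with found None is not set explicitly in the file, so its effective value depends on the defaults of the installed version.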

Filtered alias

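For more specific access and for a better user experience, it is possible to use a filtered alias. Aliases are created through the _aliases API; a filtered alias additionally carries a "filter" query in its add action, which the basic request below does not include.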

POST /_aliases
{
    "actions" : [
        { "add" : { "indices" : ["test1", "test2"], "alias" : "alias1" } }
    ]
}

https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html#filtered

Service stability:

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-production-elasticsearch-cluster-on-ubuntu-14-04

Sources:

https://www.elastic.co/guide/en/cloud/current/security.html

https://sematext.com/blog/2017/01/18/elasticsearch-security-authentication-encryption-backup/

https://www.opsdash.com/blog/howto-setup-elasticsearch-secure.html

 

 
