summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTemoc Rodriguez <cr056n@att.com>2017-12-11 15:24:23 -0800
committerTemoc Rodriguez <cr056n@att.com>2017-12-12 15:28:06 -0800
commit436d3e2c78a8bff54f65ca1b07e71f5cc50e355a (patch)
tree14f4f7361c3a0e8b09ec996ebc13461bd34356c9
parent428150834ee60899b9a8da019bae3c8bf009adf1 (diff)
Add ELK Security
Add security to ELk such that only localhost is able to access ELK. All other hosts will be denied service. This fixes the open elastic serach security vulnerability. Issue-ID: POLICY-495 Change-Id: I7f5d6fef5963f984c2bce6933c8b214c0bd3be2b Signed-off-by: Temoc Rodriguez <cr056n@att.com>
-rw-r--r--packages/base/src/files/install/elk/config/elasticsearch.yml6
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/base/src/files/install/elk/config/elasticsearch.yml b/packages/base/src/files/install/elk/config/elasticsearch.yml
index b890bb13b..ec6def080 100644
--- a/packages/base/src/files/install/elk/config/elasticsearch.yml
+++ b/packages/base/src/files/install/elk/config/elasticsearch.yml
@@ -54,8 +54,8 @@ path.logs: ${{POLICY_HOME}}/logs
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
-#network.host: 192.168.0.1
-network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"]
+# Only allow to run on localhost so it can't be queried from outside
+network.bind_host: ["_local_"]
#
# Set a custom port for HTTP:
#
@@ -88,4 +88,4 @@ network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"]
#
# Require explicit names when deleting indices:
#
-#action.destructive_requires_name: true \ No newline at end of file
+#action.destructive_requires_name: true