diff options
author | Temoc Rodriguez <cr056n@att.com> | 2017-12-11 15:24:23 -0800 |
---|---|---|
committer | Temoc Rodriguez <cr056n@att.com> | 2017-12-12 15:28:06 -0800 |
commit | 436d3e2c78a8bff54f65ca1b07e71f5cc50e355a (patch) | |
tree | 14f4f7361c3a0e8b09ec996ebc13461bd34356c9 /packages/base | |
parent | 428150834ee60899b9a8da019bae3c8bf009adf1 (diff) |
Add ELK Security
Add security to ELk such that only localhost is able to access ELK.
All other hosts will be denied service. This fixes the open elastic
serach security vulnerability.
Issue-ID: POLICY-495
Change-Id: I7f5d6fef5963f984c2bce6933c8b214c0bd3be2b
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
Diffstat (limited to 'packages/base')
-rw-r--r-- | packages/base/src/files/install/elk/config/elasticsearch.yml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/packages/base/src/files/install/elk/config/elasticsearch.yml b/packages/base/src/files/install/elk/config/elasticsearch.yml index b890bb13b..ec6def080 100644 --- a/packages/base/src/files/install/elk/config/elasticsearch.yml +++ b/packages/base/src/files/install/elk/config/elasticsearch.yml @@ -54,8 +54,8 @@ path.logs: ${{POLICY_HOME}}/logs # # Set the bind address to a specific IP (IPv4 or IPv6): # -#network.host: 192.168.0.1 -network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"] +# Only allow to run on localhost so it can't be queried from outside +network.bind_host: ["_local_"] # # Set a custom port for HTTP: # @@ -88,4 +88,4 @@ network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"] # # Require explicit names when deleting indices: # -#action.destructive_requires_name: true
\ No newline at end of file +#action.destructive_requires_name: true |