[Bug 902086] Review request: Elasticsearch

https://bugzilla.redhat.com/show_bug.cgi?id=902086



--- Comment #115 from Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> ---
(In reply to jiri vanek from comment #100)
> > Second question: elasticsearch listens on 0.0.0.0:9200 by default, accepting
> > commands from the internet. 
> > This has to be fixed. Maybe a default configuration to limit it to ::1
> > should be added. I don't know what,
> > but something has to be done.
> 
> Afaik no simple option here. The firewalld should do this job or any other
> deployment tool like nginx or similar...
The problem is that Workstation product runs with firewall disabled. People
might install ES without realizing that it listens on the network by default.
Even if it is documented somewhere. It is also very likely that ES will become
a dependency of other packages. Having it default to accepting commands from
the network seems like something that will bite our users. "Secure by default"
is the general principle.

> > Finally: I promised to start with a service file. I'll attach one in a
> > moment that should be good enough as a starting point. Its main limitation
> > is that elasticsearch runs as Type=simple, so systemd cannot tell when it is
> 
> Thank you. Included on my best, although I don't have much experience with
> packaging services. (moreover walked through guidelines..)
Looks fine.

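A check for the default-bind concern raised in this comment, as an added example that is not part of the original thread or of the Elasticsearch package: it parses listener tables in the /proc/net/tcp and /proc/net/tcp6 layout and reports any listener on port 9200 that is not confined to loopback. The sample tables are constructed, and the address decoder assumes a little-endian host.

```python
import ipaddress

ES_PORT = 9200  # HTTP port named in the thread
LISTEN = "0A"   # TCP state code for LISTEN in /proc/net/tcp*

# Constructed samples in /proc/net/tcp6 and /proc/net/tcp layout (trailing
# columns omitted), not captured from a real host. 0x23F0 == 9200.
DEFAULT_BIND = """\
  sl  local_address                         remote_address                        st
   0: 00000000000000000000000000000000:23F0 00000000000000000000000000000000:0000 0A
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A
"""
LOOPBACK_BIND = """\
  sl  local_address rem_address   st
   0: 0100007F:23F0 00000000:0000 0A
   1: 0100007F:23F0 0100007F:D4B2 01
   2: 00000000:0016 00000000:0000 0A
"""

def decode_addr(hex_addr):
    """Decode a kernel hex address; each 32-bit word is stored in host byte
    order (assumption: little-endian host, e.g. x86)."""
    raw = bytes.fromhex(hex_addr)
    packed = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    return ipaddress.ip_address(packed)

def listeners(table_text, port):
    """Return the local addresses of LISTEN sockets on `port`."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue                              # established, etc.
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            found.append(decode_addr(hex_addr))
    return found

def exposed(addresses):
    """Keep listeners reachable from other hosts (wildcard or routable)."""
    out = []
    for addr in addresses:
        addr = getattr(addr, "ipv4_mapped", None) or addr  # ::ffff:127.0.0.1
        if not addr.is_loopback:
            out.append(addr)
    return out

if __name__ == "__main__":
    for name, table in (("default", DEFAULT_BIND), ("loopback", LOOPBACK_BIND)):
        bad = exposed(listeners(table, ES_PORT))
        print(name, "EXPOSED on " + ", ".join(map(str, bad)) if bad else "loopback only")
```

On a live system the same functions can be fed the contents of /proc/net/tcp and /proc/net/tcp6 after the service starts.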