https://bugzilla.redhat.com/show_bug.cgi?id=902086 --- Comment #115 from Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> --- (In reply to jiri vanek from comment #100) > > Second question: elasticsearch listens on 0.0.0.0:9200 by default, accepting > > commands from the internet. > > This has to be fixed. Maybe a default configuration to limit it to ::1 > > should be added. I don't know what, > > but something has to be done. > > Afaik no simple option here. The firewalld shopud do this job or any other > deployment tool like nginx or similar... The problem is that Workstation product runs with firewall disabled. People might install ES without realizing that it listens on the network by default. Even if it is documented somewhere. It is also very likely that ES will become a dependency of other packages. Having it default to accepting commands from the network seems like something that will bite our users. "Secure by default" is the general principle. > > Finally: I promised to start with a service file. I'll attach one in a > > moment that should be good enough as a starting point. Its main limitation > > is that elasticsearch runs as Type=simple, so systemd cannot tell when it is > > Thank you . Included on my best, although I ddont have much experience with > packaging services. (moreover walked through guidelines..) Looks fine. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review