[Bug 902086] Review request: Elasticsearch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=902086



--- Comment #116 from jiri vanek <jvanek@xxxxxxxxxx> ---
(In reply to Zbigniew Jędrzejewski-Szmek from comment #115)
> (In reply to jiri vanek from comment #100)
> > > Second question: elasticsearch listens on 0.0.0.0:9200 by default, accepting
> > > commands from the internet. 
> > > This has to be fixed. Maybe a default configuration to limit it to ::1
> > > should be added. I don't know what,
> > > but something has to be done.
> > 
> > Afaik no simple option here. The firewalld shopud do this job or any other
> > deployment tool like nginx  or similar...
> The problem is that Workstation product runs with firewall disabled. People

How come? Wasnt it vice versa until recently?

> might install ES without realizing that it listens on the network by
> default. Even if it is documented somewhere. It is also very likely that ES
> will become a dependency of other packages. Having it default to accepting
> commands from the network seems like something that will bite our users.
> "Secure by default" is the general principle.
> 
Hmm. I agree. But currently  no idea. Crap.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list
package-review@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-review





[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]