From dcd6e1d8d7fdf7a60dbaacf6499da0a31f41bb44 Mon Sep 17 00:00:00 2001 From: Kaimbacher Date: Fri, 1 Jul 2022 09:24:03 +0000 Subject: [PATCH] Update 'Install_Configure_ElasticSearch' --- Install_Configure_ElasticSearch.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/Install_Configure_ElasticSearch.md b/Install_Configure_ElasticSearch.md index fd05c59..7b468ba 100644 --- a/Install_Configure_ElasticSearch.md +++ b/Install_Configure_ElasticSearch.md @@ -57,3 +57,30 @@ Let's create a new file called 'memory.options' in the 'jvm.options.d' directory `sudo systemctl restart elasticsearch` # Step 3- Securing ElasticSearch +By default, Elasticsearch can be controlled by anyone who can access the HTTP API. This is not always a security risk because Elasticsearch listens only on the loopback interface (that is, 127.0.0.1), which can only be accessed locally. Thus, no public access is possible and as long as all server users are trusted, security may not be a major concern. + +If you need to allow remote access to the HTTP API, you can limit the network exposure with Ubuntu’s default firewall, UFW. + +We will now configure the firewall to allow access to the default Elasticsearch HTTP API port (TCP 9200) for the trusted remote host, generally the server you are using in a single-server setup, such as 172.16.4.48. To allow access, type the following command: + +`sudo ufw allow from 172.16.4.48 to any port 9200` + +Once that is complete, you can enable UFW with the command:\ +`sudo ufw enable` + +Finally, check the status of UFW with the following command:\ +`sudo ufw status` + + + +If you have specified the rules correctly, you should receive output like this: + +``` bash +Output +Status: active + +To Action From +-- ------ ---- +9200 ALLOW 198.51.100.0 +... +``` \ No newline at end of file