
Elasticsearch Hardening for DevSecOps

Table of contents

  1. Disable dynamic scripting and disable inline scripts
  2. Disable unused HTTP methods
  3. Restrict access to Elasticsearch ports
  4. Use a reverse proxy to secure Elasticsearch

List of some best practices to harden Elasticsearch for DevSecOps

Disable dynamic scripting and disable inline scripts

Inline (dynamic) scripts let anyone who can reach the REST API run code on the node; the MVEL and Groovy sandbox escapes of the 1.x era (CVE-2014-3120, CVE-2015-1427) turned an exposed port 9200 into remote code execution. Edit the node configuration:
sudo nano /etc/elasticsearch/elasticsearch.yml
On Elasticsearch 6.0 and later, where Groovy is gone and the default language is the sandboxed Painless, set the following configuration to disable scripting entirely:
script.allowed_types: none
If a feature you rely on needs scripts (update by query, script_score, ingest pipelines), allow only pre-registered stored scripts, optionally limited to the contexts you actually use:
script.allowed_types: stored
script.allowed_contexts: score, update
The older settings script.inline: false and script.stored: false only exist on 5.x; a 6.0 or later node refuses to start with them in the file, and a bare script.engine: "groovy" line does not correspond to any setting. Restart the node after the change and confirm with a scripted request (for example a script_score query), which must now be rejected with an error stating that inline scripts cannot be executed.

Disable unused HTTP methods

sudo nano /etc/elasticsearch/elasticsearch.yml
Elasticsearch has no setting that turns off individual REST methods; that is done in the reverse proxy (see the last section). What the settings below control is CORS, i.e. which browser origins may call the API cross-site and with which methods. CORS is off by default and should stay off unless a browser-based client needs it. If it does, add the following configuration, replacing the placeholder origin app.example.com with the client's real one and trimming the method list to what it uses:
http.cors.enabled: true
http.cors.allow-origin: "https://app.example.com"
http.cors.allow-methods: HEAD,GET,POST,OPTIONS
http.cors.allow-headers: "X-Requested-With,Content-Type,Content-Length"
http.max_content_length: 100mb
Never set http.cors.allow-origin to "*" or to the regular expression "/.*/": the latter matches every origin, so any web page a user visits can use that user's browser as a relay into the cluster, and with http.cors.allow-credentials: true the browser also attaches the user's cookies or basic-auth credentials. http.enabled was deprecated in 6.x and removed in 7.0, so leave it out. http.max_content_length caps the request body (100mb is the default) and limits what a single bulk or search request can push at the node.
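To check a node's elasticsearch.yml for the scripting and CORS settings covered in the two sections above, here is an added audit script; it is not part of the original page and not Elastic's tooling. It assumes Elasticsearch 6.0 or later (where script.allowed_types is the relevant key) and runs against two constructed configurations, one with the page's original settings and one hardened, to show what gets flagged.

```shell
#!/bin/sh
# Added example (not from the original page): audit an elasticsearch.yml for the
# scripting and CORS settings discussed above. Assumes an Elasticsearch 6.0+ node.

# Print the value of a top-level "key: value" line, first match, quotes stripped.
es_setting() {
    # $1 = file, $2 = setting name (dots are escaped so they match literally)
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -v '^[[:space:]]*#' "$1" | grep "^$pat:" | head -n 1 \
        | sed 's/^[^:]*:[[:space:]]*//' | tr -d "\"'"
}

# Print one line per finding and return the number of findings (0 = clean).
audit_es_yml() {
    file=$1
    findings=0

    # Legacy 5.x keys: a 6.0+ node refuses to start with an unknown setting.
    for key in script.inline script.stored script.engine; do
        if grep -q "^$key" "$file"; then
            echo "$key: removed in 6.0, the node will not start with this setting"
            findings=$((findings + 1))
        fi
    done

    # Scripting: only "none" or "stored" leaves inline (dynamic) scripts disabled.
    case "$(es_setting "$file" script.allowed_types)" in
        none|stored) ;;
        *)  echo "script.allowed_types: inline scripts are allowed (set none or stored)"
            findings=$((findings + 1)) ;;
    esac

    # CORS: a wildcard or catch-all regex origin lets any web page use a browser
    # that can reach the node as a relay into the API.
    if [ "$(es_setting "$file" http.cors.enabled)" = "true" ]; then
        origin=$(es_setting "$file" http.cors.allow-origin)
        case "$origin" in
            '*'|'/.*/')
                echo "http.cors.allow-origin: $origin allows every origin (use an explicit origin)"
                findings=$((findings + 1)) ;;
        esac
        if [ "$(es_setting "$file" http.cors.allow-credentials)" = "true" ]; then
            echo "http.cors.allow-credentials: browsers will attach cookies/basic-auth to cross-origin calls"
            findings=$((findings + 1))
        fi
    fi
    return $findings
}

# Constructed sample configurations (not real deployments) for demonstration.
ES_AUDIT_DIR=$(mktemp -d)
ES_WEAK="$ES_AUDIT_DIR/weak.yml"
ES_HARDENED="$ES_AUDIT_DIR/hardened.yml"

cat > "$ES_WEAK" <<'EOF'
# 5.x-era settings on a modern node, plus wide-open CORS
script.inline: false
script.stored: false
http.cors.enabled: true
http.cors.allow-origin: "/.*/"
http.cors.allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
EOF

cat > "$ES_HARDENED" <<'EOF'
script.allowed_types: none
http.cors.enabled: false
http.max_content_length: 100mb
EOF

echo "== $ES_WEAK";     audit_es_yml "$ES_WEAK"     || echo "-> $? finding(s)"
echo "== $ES_HARDENED"; audit_es_yml "$ES_HARDENED" && echo "-> clean"
```

Run it against /etc/elasticsearch/elasticsearch.yml on each node (audit_es_yml /etc/elasticsearch/elasticsearch.yml); the return code is the number of findings, so it drops straight into a CI or configuration-management check. The weak file above produces four findings (two legacy keys, inline scripting still allowed, catch-all CORS origin) and the hardened one none.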

Restrict access to Elasticsearch ports

Elasticsearch listens on two ports: 9200 for the HTTP REST API and 9300 for the node-to-node transport protocol, which is unauthenticated unless the security features are enabled (they are on by default from 8.0). Both must be reachable only from trusted hosts; the rules below cover 9200, and the same three rules are needed for 9300. On RHEL/CentOS with the iptables-services package:
sudo nano /etc/sysconfig/iptables
Add the following rules to only allow incoming connections from trusted IP addresses. Order matters: -A appends, so the ACCEPT rules must precede the DROP, and the whole group must sit above any catch-all REJECT already in the INPUT chain. Narrow the 10.0.0.0/8 and 192.168.0.0/16 placeholders to the actual application and cluster subnets; a whole RFC 1918 range admits every host on the internal network, which is exactly the position an attacker holds after compromising any one of them.
-A INPUT -p tcp -m tcp --dport 9200 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -s 192.168.0.0/16 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9200 -j DROP
Restart the iptables service to apply the changes, then confirm with iptables -S INPUT that the rules appear in the order written.
sudo service iptables restart
On hosts that use firewalld or nftables instead, express the same allow-list there. Independently of the firewall, set network.host in elasticsearch.yml to the node's internal interface rather than 0.0.0.0, so the process never binds a public address in the first place.
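Generating the rules for both ports from a single allow-list, as an added example that is not part of the original page: the function below emits the 9200 and 9300 rules in the iptables-save format that /etc/sysconfig/iptables uses, refuses anything that is not a CIDR or that covers the whole internet (0.0.0.0/0), and can optionally syntax-check the result with iptables-restore --test. The CIDRs passed in the usage line are the page's own placeholder ranges.

```shell
#!/bin/sh
# Added example (not from the original page): generate the iptables rules for both
# Elasticsearch ports from a list of trusted CIDRs. Output can be pasted into
# /etc/sysconfig/iptables above the final REJECT rule or loaded with iptables-restore.

# Accept only a.b.c.d/n with 1 <= n <= 32, so 0.0.0.0/0 and bare addresses are rejected.
# (Octet ranges are not validated; this guards against typos, not all bad input.)
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# Rules for one port: one ACCEPT per trusted CIDR, then a DROP for everyone else.
# -A appends, so the order printed is the order the kernel evaluates.
es_port_rules() {
    port=$1; shift
    for cidr in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -s $cidr -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp -m tcp --dport $port -j DROP"
}

# 9200 (REST API) and 9300 (node-to-node transport) from the same allow-list.
# Returns 1 without printing any rule if a CIDR is malformed or too broad.
es_firewall_rules() {
    [ $# -gt 0 ] || { echo "usage: es_firewall_rules CIDR..." >&2; return 1; }
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "rejected CIDR: $cidr" >&2; return 1; }
    done
    es_port_rules 9200 "$@"
    es_port_rules 9300 "$@"
}

# Parse the rules as a filter table without applying them (needs root and iptables-restore).
es_firewall_test() {
    command -v iptables-restore >/dev/null || { echo "iptables-restore not found" >&2; return 1; }
    { printf '*filter\n'; es_firewall_rules "$@"; printf 'COMMIT\n'; } | iptables-restore --test
}

# Usage with the page's two placeholder ranges; narrow them to real subnets.
es_firewall_rules 10.0.0.0/8 192.168.0.0/16
```

Pipe the output into the rules file, restart iptables as above, and compare iptables -S INPUT against the generated text; a mismatch in order (a DROP above an ACCEPT) means the file was edited by hand later.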

Use a reverse proxy to secure Elasticsearch

Set up a reverse proxy (e.g. Nginx, Apache) in front of Elasticsearch that terminates TLS, authenticates clients (basic auth, client certificates or an SSO module) and forwards only the HTTP methods and API paths the application uses; this is also where the "unused HTTP methods" from the earlier section are actually refused. The proxy only helps if Elasticsearch cannot be reached around it: bind the HTTP interface to loopback with http.host: 127.0.0.1 (or to a private interface that only the proxy can reach, combined with the firewall rules above) and keep 9300 restricted to cluster nodes. Since 6.8 and 7.1 the native security features (TLS on both interfaces, users, roles, API keys) are free under the basic licence, and from 8.0 they are enabled by default, so on current versions turn them on as well; the proxy is then a second layer rather than the only one.
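The proxy setup described above, as an added example that is not part of the original page or of Elastic's documentation: a shell function that renders an nginx server block with TLS, basic auth, a per-path deny for cluster administration endpoints and an HTTP-method allow-list, plus a check that the node's elasticsearch.yml binds HTTP to loopback so the proxy cannot be bypassed. The certificate paths, htpasswd file and host name es.example.com are placeholders, and the elasticsearch.yml used at the end is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): render an nginx reverse-proxy config
# for a loopback-bound Elasticsearch node and verify that binding. All paths and
# host names are placeholders to be replaced with real values.

# $1 = output file, $2 = public host name, $3 = allowed methods (default "GET HEAD POST"),
# $4 = upstream (default 127.0.0.1:9200). limit_except answers every other method
# with 403, which is where "unused HTTP methods" are actually disabled.
write_es_proxy_conf() {
    out=$1; public_name=$2; methods=${3:-GET HEAD POST}; upstream=${4:-127.0.0.1:9200}
    cat > "$out" <<EOF
server {
    listen 443 ssl;
    server_name $public_name;

    ssl_certificate     /etc/nginx/tls/es.crt;      # placeholder paths
    ssl_certificate_key /etc/nginx/tls/es.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;    # htpasswd -c /etc/nginx/es.htpasswd <user>

    # Cluster administration is never reachable through the proxy; adjust to taste.
    location ~ ^/_(cluster|nodes|snapshot) {
        deny all;
    }

    location / {
        limit_except $methods {
            deny all;
        }
        proxy_pass http://$upstream;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$remote_addr;
        client_max_body_size 100m;   # matches http.max_content_length on the node
    }
}
EOF
}

# Value of a top-level "key: value" line in elasticsearch.yml (first match, unquoted).
es_setting() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -v '^[[:space:]]*#' "$1" | grep "^$pat:" | head -n 1 \
        | sed 's/^[^:]*:[[:space:]]*//' | tr -d "\"'"
}

# Return 0 when the node's HTTP interface is bound to loopback. http.host overrides
# network.host, and both default to loopback when unset.
es_http_is_loopback() {
    bind=$(es_setting "$1" http.host)
    [ -n "$bind" ] || bind=$(es_setting "$1" network.host)
    case "$bind" in
        ''|127.0.0.1|localhost|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration on a temporary directory with a constructed elasticsearch.yml.
ES_PROXY_DIR=$(mktemp -d)
write_es_proxy_conf "$ES_PROXY_DIR/elasticsearch.conf" es.example.com "GET HEAD POST"
cat > "$ES_PROXY_DIR/elasticsearch.yml" <<'EOF'
# constructed: transport on the private interface, HTTP only on loopback
network.host: 10.0.0.5
http.host: 127.0.0.1
EOF
if es_http_is_loopback "$ES_PROXY_DIR/elasticsearch.yml"; then
    echo "HTTP bound to loopback: the proxy in $ES_PROXY_DIR/elasticsearch.conf cannot be bypassed"
else
    echo "HTTP reachable without the proxy: set http.host: 127.0.0.1" >&2
fi
```

Copy the rendered file into /etc/nginx/conf.d/, run nginx -t, and reload. Pass a smaller method list (for example "GET HEAD") for read-only consumers, and add a second server block with a different user file and method list if an indexer needs PUT or POST on a separate host name; that keeps destructive methods tied to a distinct credential rather than to everyone who can search.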