0

We are using Elasticsearch as the back-end for our in-house logging and monitoring system. We have multiple sites pouring data into one ES cluster, but into different indices, e.g. abc-us has data from the US site and abc-india has it from the India site.

Now our concern is that we need some security checks before pushing data into the cluster.

  1. Data coming to an index is coming from the right IP address.
  2. The incoming JSON request is inserting new data and is not a delete/update.
  3. While reading, we want certain IPs not to be able to read the data of other indices.

Kindly let me know if it's possible to achieve this using Elasticsearch.

1 Answer

1

The elasticsearch-jetty plugin brings the full power of Jetty and adds several new features to Elasticsearch. With this plugin Elasticsearch can now handle SSL connections, support basic authentication, and log all or some incoming requests in plain text or JSON formats.

The idea is to add a Jetty wrapper to Elasticsearch, as a plugin.

What remains is only to restrict certain URLs and some methods (e.g. DELETE) to some users.

You can find elasticsearch-jetty on GitHub with a detailed specification of its usage, configuration and, of course, limitations.

eliasah
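The three checks from the question, written as a request filter that could sit in a proxy in front of the cluster. This is an added example, not part of the answer and not elasticsearch-jetty's own code; the `authorize` and `classify` functions, the IP ranges and the `/index/type[/id]` URL layout are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed policy: index -> source networks allowed to write / read it.
POLICY = {
    "abc-us":    {"write": ["203.0.113.0/24"],
                  "read":  ["203.0.113.0/24", "192.0.2.10/32"]},
    "abc-india": {"write": ["198.51.100.0/24"],
                  "read":  ["198.51.100.0/24"]},
}

def classify(method, rest):
    """Map method + path after the index to 'read', 'write' or None (deny)."""
    if method in ("GET", "POST") and len(rest) in (1, 2) and rest[-1] == "_search":
        return "read"                       # /index/_search, /index/type/_search
    if method == "GET" and len(rest) == 2 and not rest[1].startswith("_"):
        return "read"                       # GET /index/type/id
    if method == "POST" and len(rest) == 1 and not rest[0].startswith("_"):
        return "write"                      # POST /index/type: new auto-id doc
    return None                             # DELETE, PUT, _update, _bulk, ...

def authorize(src_ip, method, url):
    """Return (allowed, reason). src_ip must be the TCP peer address seen by
    the proxy, not a client-supplied header such as X-Forwarded-For."""
    segs = [unquote(s) for s in urlsplit(url).path.split("/") if s]
    # Exact names only: rejects _all, wildcards, comma lists, cluster APIs.
    if not segs or segs[0] not in POLICY:
        return False, "index not in policy"
    action = classify(method.upper(), segs[1:])
    if action is None:
        return False, "operation not allowed"
    addr = ipaddress.ip_address(src_ip)
    nets = POLICY[segs[0]][action]
    if not any(addr in ipaddress.ip_network(n) for n in nets):
        return False, f"{src_ip} may not {action} {segs[0]}"
    return True, f"{action} on {segs[0]}"

if __name__ == "__main__":
    for req in [("203.0.113.7", "POST", "/abc-us/logs"),
                ("203.0.113.7", "DELETE", "/abc-us/logs/1"),
                ("192.0.2.10", "GET", "/abc-us,abc-india/_search")]:
        print(req, authorize(*req))
```

Bulk and multi-index endpoints are denied outright here because their request bodies or paths can name indices other than the one in the first path segment.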