Recology

R/etc.

note to self, secure elasticsearch


Recently I spun up a box on a cloud hosting provider, planning to make tens of thousands of queries to an Elasticsearch instance on the same box. I could have done this on my own machine, but didn’t want to take up compute resources.

I installed R and Elasticsearch on the box, then went about doing my thang.

A day later when things were still running, the hosting provider sent me a message that apparently my box had been serving up a DDoS attack.

This was incredibly surprising, as I don’t even know how to do such a thing.

After some digging it seems that the culprit was likely Elasticsearch, as a number of tutorials/blog posts state that Elasticsearch is insecure by default, so if it’s exposed on a public port, someone can hack in. I had only used Elasticsearch locally on my own machine, so I hadn’t thought about security. Here are a few resources for security help:

Trying to narrow down the various pieces of advice for securing Elasticsearch, here’s a list:

Elasticsearch provides a new feature for security that’s built into Elasticsearch, Shield, but I believe it’s only available to enterprise customers. Boo.
