Add ELK Security

Add security to ELk such that only localhost is able to access ELK.
All other hosts will be denied service. This fixes the open elastic
serach security vulnerability.

Issue-ID: POLICY-495
Change-Id: I7f5d6fef5963f984c2bce6933c8b214c0bd3be2b
Signed-off-by: Temoc Rodriguez <cr056n@att.com>

diff --git a/packages/base/src/files/install/elk/config/elasticsearch.yml b/packages/base/src/files/install/elk/config/elasticsearch.yml
index b890bb1..ec6def0 100644 (file)
--- a/packages/base/src/files/install/elk/config/elasticsearch.yml
+++ b/packages/base/src/files/install/elk/config/elasticsearch.yml
@@ -54,8 +54,8 @@ path.logs: ${{POLICY_HOME}}/logs
 #
 # Set the bind address to a specific IP (IPv4 or IPv6):
 #
-#network.host: 192.168.0.1
-network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"]
+# Only allow to run on localhost so it can't be queried from outside
+network.bind_host: ["_local_"]
 #
 # Set a custom port for HTTP:
 #
@@ -88,4 +88,4 @@ network.host: ["${{ELK_NETWORK_HOST}}", "127.0.0.1"]
 #
 # Require explicit names when deleting indices:
 #
-#action.destructive_requires_name: true
\ No newline at end of file
+#action.destructive_requires_name: true