elasticsearch-operator icon indicating copy to clipboard operation
elasticsearch-operator copied to clipboard

Published 20 hours ago verified publisher icon upmc-enterprises

Fix Elasticsearch File Permission Warnings

Open karlskewes opened this issue 6 years ago • 0 comments

Have just rolled current master with while1eq1's 6.4.1 (thank you!) and saw some insecure file permissions warnings in the logs for Elasticsearch pods.

I think we can just set file permissions in places like deploy, sts, etc with defaultMode: 384 (0600) or 448 (700).

Not major. Thoughts? Open to a PR?

Warnings are:

[2018-10-30T01:56:44,474][WARN ][c.f.s.SearchGuardPlugin  ] Directory /elasticsearch/config has insecure file permissions (should be 0700)
[2018-10-30T01:56:44,475][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/log4j2.properties has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,475][WARN ][c.f.s.SearchGuardPlugin  ] Directory /elasticsearch/config/scripts has insecure file permissions (should be 0700)
[2018-10-30T01:56:44,475][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/elasticsearch.yml has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,475][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/jvm.options has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,476][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/sg_action_groups.yml has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,476][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/sg_config.yml has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,476][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/sg_roles.yml has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,476][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/sg_internal_users.yml has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,477][WARN ][c.f.s.SearchGuardPlugin  ] Directory /elasticsearch/config/certs has insecure file permissions (should be 0700)
[2018-10-30T01:56:44,477][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/..data has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,477][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/cerebro.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,477][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/ca-key.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,478][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/node-key.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,478][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/node.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,478][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/truststore.jks has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,478][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/sgadmin-key.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,479][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/sgadmin-keystore.jks has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,479][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/node-keystore.jks has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,479][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/kibana-key.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,479][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/cerebro-key.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,480][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/sgadmin.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,480][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/kibana.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,480][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/ca.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,480][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/node-key.pkcs8.pem has insecure file permissions (should be 0600)
[2018-10-30T01:56:44,480][WARN ][c.f.s.SearchGuardPlugin  ] Directory /elasticsearch/config/certs/..2018_10_30_01_55_40.536718799 has insecure file permissions (should be 0700)
[2018-10-30T01:56:44,481][WARN ][c.f.s.SearchGuardPlugin  ] File /elasticsearch/config/certs/..2018_10_30_01_55_40.536718799/ca.pem has insecure file permissions (should be 0600)

karlskewes avatar Oct 30 '18 02:10 karlskewes