Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: d13baade69
Branches Tags
elasticsearch
/
docs
/
reference
/
scripting
/
security.asciidoc

security.asciidoc 2.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. [[modules-scripting-security]]
    2. 

  2. == Scripting and security
    3. 

  3. Painless and {es} implement layers of security to build a defense in depth
    4. 

  4. strategy for running scripts safely.
    5. 

  5. 

  6. Painless uses a fine-grained allowlist. Anything that is not part of the
    7. 

  7. allowlist results in a compilation error. This capability is the first layer of
    8. 

  8. security in a defense in depth strategy for scripting.
    9. 

  9. 

  10. The second layer of security is the https://www.oracle.com/java/technologies/javase/seccodeguide.html[Java Security Manager]. As part of its startup
    11. 

  11. sequence, {es} enables the Java Security Manager to limit the actions that
    12. 

  12. portions of the code can take. <<modules-scripting-painless,Painless>> uses 
    13. 

  13. the Java Security Manager as an additional layer of defense to prevent scripts 
    14. 

  14. from doing things like writing files and listening to sockets.
    15. 

  15. 

  16. {es} uses
    17. 

  17. {wikipedia}/Seccomp[seccomp] in Linux,
    18. 

  18. https://www.chromium.org/developers/design-documents/sandbox/osx-sandboxing-design[Seatbelt]
    19. 

  19. in macOS, and
    20. 

  20. https://msdn.microsoft.com/en-us/library/windows/desktop/ms684147[ActiveProcessLimit]
    21. 

  21. on Windows as additional security layers to prevent {es} from forking or 
    22. 

  22. running other processes.
    23. 

  23. 

  24. You can modify the following script settings to restrict the type of scripts
    25. 

  25. that are allowed to run, and control the available 
    26. 

  26. {painless}/painless-contexts.html[contexts] that scripts can run in. To
    27. 

  27. implement additional layers in your defense in depth strategy, follow the 
    28. 

  28. <<es-security-principles,{es} security principles>>.
    29. 

  29. 

  30. [[allowed-script-types-setting]]
    31. 

  31. [discrete]
    32. 

  32. === Allowed script types setting
    33. 

  33. 

  34. {es} supports two script types: `inline` and `stored`. By default, {es} is 
    35. 

  35. configured to run both types of scripts. To limit what type of scripts are run, 
    36. 

  36. set `script.allowed_types` to `inline` or `stored`. To prevent any scripts from 
    37. 

  37. running, set `script.allowed_types` to `none`.
    38. 

  38. 

  39. IMPORTANT: If you use {kib}, set `script.allowed_types` to `both` or `inline`.
    40. 

  40. Some {kib} features rely on inline scripts and do not function as expected
    41. 

  41. if {es} does not allow inline scripts.
    42. 

  42. 

  43. For example, to run `inline` scripts but not `stored` scripts:
    44. 

  44. 

  45. [source,yaml]
    46. 

  46. ----
    47. 

  47. script.allowed_types: inline
    48. 

  48. ----
    49. 

  49. 

  50. [[allowed-script-contexts-setting]]
    51. 

  51. [discrete]
    52. 

  52. === Allowed script contexts setting
    53. 

  53. 

  54. By default, all script contexts are permitted. Use the `script.allowed_contexts`
    55. 

  55. setting to specify the contexts that are allowed. To specify that no contexts
    56. 

  56. are allowed, set `script.allowed_contexts` to `none`.
    57. 

  57. 

  58. For example, to allow scripts to run only in `scoring` and `update` contexts:
    59. 

  59. 

  60. [source,yaml]
    61. 

  61. ----
    62. 

  62. script.allowed_contexts: score, update
    63. 

  63. ----
    64.