ES settings alone would be great, are there other options that I could have missed? right now the main priority is preventing document updates/deletes (and index deletes) via the ES rest api.
Thanks On Thursday, June 12, 2014 6:21:36 PM UTC+3, Jörg Prante wrote: > > There are a lot of methods to tamper with ES files, and physically, > everything is possible to modify in files as long as your operating system > permits more than something like "append-only" mode for ES files (not that > I know this would work) > > So it depends on your requirements about the security level you want to > reach, if ES settings alone can help you or if you need more (paranoid) > configurations. > > Jörg > > > On Thu, Jun 12, 2014 at 4:48 PM, Harvii Dent <[email protected] > <javascript:>> wrote: > >> Hello, >> >> I'm planning to use Elasticsearch with Logstash for logs management and >> search, however, one thing I'm unable to find an answer for is making sure >> that the data cannot be modified once it reaches Elasticsearch. >> >> "action.destructive_requires_name" prevents deleting all indices at once, >> but they can still be deleted. Are there any options to prevent deleting >> indices altogether? >> >> And on the document level, is it possible to disable 'delete' *AND* >> 'update' operations without setting the entire index as read-only (ie. >> 'index.blocks.read_only')? >> >> Lastly, does setting 'index.blocks.read_only' ensure that the index files >> on disk are not changed (so they can be monitored using a file integrity >> monitoring solution)? as many regulatory and compliance bodies have >> requirements for ensuring logs integrity. >> >> Thanks >> >> -- >> You received this message because you are subscribed to the Google Groups >> "elasticsearch" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/elasticsearch/dfc73db4-18ac-405e-8929-68be32b01a6c%40googlegroups.com >> >> <https://groups.google.com/d/msgid/elasticsearch/dfc73db4-18ac-405e-8929-68be32b01a6c%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/190a707b-9edf-4128-9740-79d59f0bc209%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
