Updated on 2025-01-20 GMT+08:00

CSS Clusters Support the Security Mode

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

css-cluster-security-mode-enable

Identifier

css-cluster-security-mode-enable

Description

If a CSS cluster does not support the security mode, this cluster is noncompliant.

Tag

css

Trigger Type

Configuration change

Filter Type

css.clusters

Configure Rule Parameters

None

Applicable Scenario

Clusters in non-security mode can be accessed without security authentication, and HTTP protocol is used to transmit data. Ensure access environment security and do not expose the access APIs to the public network. A security-mode cluster requires security authentication and supports authorization and encryption. It is advised to use HTTPS for communication to ensure data security. For details, see Changing the Security Mode of an Elasticsearch Cluster.

Solution

Some cluster versions do not support the security mode. Use a version that supports the security mode, for example, Elasticsearch 7.10.2.

Rule Logic

  • If a CSS cluster does not support the security mode, this cluster is noncompliant.
  • If a CSS cluster supports the security mode, this cluster is compliant.