Security best practices - 10 points to consider - #5782 #7113
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leanneeliatra
requested review from
hdhalter,
kolchfa-aws,
Naarcha-AWS,
vagimeli,
AMoo-Miki,
natebower,
dlvenable,
stephen-crawford and
epugh
as code owners
leanneeliatra
changed the title
|
@hdhalter can I bring your attention to the first draft of the security best practices document please. @AntonEliatra is adding more information tomorrow and many of the topics will be expanded on. Please add the security tag to this ticket too so it shows up on the list of PRs, thanks a million. |
Signed-off-by: [email protected] <[email protected]>
Signed-off-by: [email protected] <[email protected]>
leanneeliatra
force-pushed
the
Security-best-practices-5782
branch
from
c1363db
to
d831f8a
Compare
hdhalter
added
2 - In progress
Signed-off-by: AntonEliatra <[email protected]>
…ra/opensearch-documentation-website-forl into best-practice3
Signed-off-by: AntonEliatra <[email protected]>
Signed-off-by: AntonEliatra <[email protected]>
leanneeliatra
changed the title
|
@hdhalter cc @scrawfor99 Ready for review. Thanks a million. |
hdhalter
added
3 - Tech review
Naarcha-AWS
added
5 - Editorial review
natebower
requested changes
May 22, 2024
There was a problem hiding this comment.
@leanneeliatra @Naarcha-AWS Please see my comments and changes and tag me for approval when complete. Thanks!
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: leanneeliatra <[email protected]>
Signed-off-by: AntonEliatra <[email protected]>
|
@natebower thats been updated now |
natebower
reviewed
May 22, 2024
There was a problem hiding this comment.
@Naarcha-AWS @AntonEliatra @leanneeliatra Some outstanding comments. Thanks!
| ### Replace all demo certificates with your own PKI | ||
| The certificates generated when initializing an OpenSearch cluster with `install_demo_configuration.sh` are not suitable for production. These should be replaced with your own certificates. | ||
|
|
||
| You can generate custom certificates in a few different ways. One approach is to use OpenSSL, described in detail at [Generating self-signed certificates]({{site.url}}{{site.baseurl}}/security/configuration/generate-certificates/). Alternatively, there are online tools available that can simplify the certificate creation process. |
There was a problem hiding this comment.
I'm not sure that @Naarcha-AWS and I's comments here have been addressed.
|
|
||
| ## 10. Stay informed and apply updates | ||
|
|
||
| Regularly monitor OpenSearch Project security advisories and updates to stay informed about potential vulnerabilities or bugs. Promptly apply updates to the Security plugin and its dependencies to maintain a secure environment. |
There was a problem hiding this comment.
It looks like my comment re: a link has not been addressed.
Signed-off-by: AntonEliatra <[email protected]>
Signed-off-by: Naarcha-AWS <[email protected]>
Signed-off-by: AntonEliatra <[email protected]>
natebower
reviewed
May 22, 2024
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: AntonEliatra <[email protected]>
Signed-off-by: AntonEliatra <[email protected]>
natebower
approved these changes
May 24, 2024
There was a problem hiding this comment.
Thanks @leanneeliatra @AntonEliatra @Naarcha-AWS! LGTM once the remaining comment is resolved.
Hi @natebower thanks a million. |
Signed-off-by: Naarcha-AWS <[email protected]>
Naarcha-AWS
reviewed
May 29, 2024
Naarcha-AWS
reviewed
May 29, 2024
Naarcha-AWS
reviewed
May 29, 2024
Signed-off-by: Naarcha-AWS <[email protected]>
natebower
approved these changes
May 30, 2024
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]>
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
May 30, 2024
* adding top ten security best practices Signed-off-by: [email protected] <[email protected]> * changing nav order Signed-off-by: [email protected] <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding bonus tip Signed-off-by: [email protected] <[email protected]> * updates to best practices Signed-off-by: [email protected] <[email protected]> * integrating Darshits suggestions for improvement and reviewdog fixes Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * reviewdog update Signed-off-by: [email protected] <[email protected]> * Apply suggestions from code review Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * reviewdog updates Signed-off-by: [email protected] <[email protected]> * Update _security/configuration/best-practices.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Add editorial comment Signed-off-by: Naarcha-AWS <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update _security/configuration/best-practices.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: [email protected] <[email protected]> Signed-off-by: AntonEliatra <[email protected]> Signed-off-by: leanneeliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: AntonEliatra <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> Co-authored-by: Nathan Bower <[email protected]> (cherry picked from commit 8e049cd) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
epugh
pushed a commit
to o19s/documentation-website
that referenced
this pull request
May 30, 2024
…5782 (opensearch-project#7113) * adding top ten security best practices Signed-off-by: [email protected] <[email protected]> * changing nav order Signed-off-by: [email protected] <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding to best practices Signed-off-by: AntonEliatra <[email protected]> * adding bonus tip Signed-off-by: [email protected] <[email protected]> * updates to best practices Signed-off-by: [email protected] <[email protected]> * integrating Darshits suggestions for improvement and reviewdog fixes Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * review suggestions to grammer Signed-off-by: [email protected] <[email protected]> * reviewdog update Signed-off-by: [email protected] <[email protected]> * Apply suggestions from code review Co-authored-by: Naarcha-AWS <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * reviewdog updates Signed-off-by: [email protected] <[email protected]> * Update _security/configuration/best-practices.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: leanneeliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Add editorial comment Signed-off-by: Naarcha-AWS <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update _security/configuration/best-practices.md Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: AntonEliatra <[email protected]> * Update best-practices.md Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <[email protected]> * Apply suggestions from code review Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> --------- Signed-off-by: [email protected] <[email protected]> Signed-off-by: AntonEliatra <[email protected]> Signed-off-by: leanneeliatra <[email protected]> Signed-off-by: Naarcha-AWS <[email protected]> Co-authored-by: AntonEliatra <[email protected]> Co-authored-by: Naarcha-AWS <[email protected]> Co-authored-by: Nathan Bower <[email protected]>
hdhalter
added
3 - Done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
We are adding a new page in the documentation, outlining the best practices/considerations for security in OpenSearch.
Covering the ten points below:
Issues Resolved
Closes #5782
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.