Right now, I am using two different versions of Elasticsearch: 5.6.8, and 6.4.3. For personal security reasons, I am looking to remove any unused jar files from both the lib and modules directories in elasticsearch. I am wondering if there are any that can be removed safely or if all are necessary.
In continuation, I know in the 6.4.3 modules, there are directories for x-pack. If I don't use x-pack, and don't plan on it, would it be safe to remove these?
Arbitrarily removing files from any application is likely to cause problems. What security advantage do you hope to gain? Elasticsearch is already highly modularized, and in through the java security manager, each part of the code has limited permissions (for example, only the data directory can be written to, not the config directory, and only the networking module can write to network sockets).
I know in the 6.4.3 modules, there are directories for x-pack. If I don't use x-pack, and don't plan on it, would it be safe to remove these?
There is an oss distribution that does not contain x-pack.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.