Are there any unneeded .jar files for Elasticsearch?


(Benjamin Hadinger) #1

Right now, I am using two different versions of Elasticsearch: 5.6.8, and 6.4.3. For personal security reasons, I am looking to remove any unused jar files from both the lib and modules directories in elasticsearch. I am wondering if there are any that can be removed safely or if all are necessary.

In continuation, I know in the 6.4.3 modules, there are directories for x-pack. If I don't use x-pack, and don't plan on it, would it be safe to remove these?


(Ryan Ernst) #2

Arbitrarily removing files from any application is likely to cause problems. What security advantage do you hope to gain? Elasticsearch is already highly modularized, and in through the java security manager, each part of the code has limited permissions (for example, only the data directory can be written to, not the config directory, and only the networking module can write to network sockets).

I know in the 6.4.3 modules, there are directories for x-pack. If I don't use x-pack, and don't plan on it, would it be safe to remove these?

There is an oss distribution that does not contain x-pack.