Skip to main content

Configuring Additional Components

Firewall

All of our installers display a message with an example firewall configuration at the end. This example is not recommended for production environments, only for testing.

For a test environment, it's sufficient to allow access on the port from anywhere. For example, to allow access to OpenSearch-Dashboards, enter the following command as the root user:

firewall-cmd --add-port=5601/tcp

This rule will be active until the firewalld service or the OS is restarted. To make the rule permanent, modify the command:

firewall-cmd --permanent --add-port=5601/tcp
firewall-cmd --reload

You can create a service in firewalld terminology, but in practice, it's not very convenient to use it for SAF.

For production environments, we recommend creating a separate zone in firewalld terminology and creating a rule within it to allow the necessary ports. The access filter to the zone can be a collection of IP addresses (ipset) or an interface if it is located entirely within a trusted zone.

If you use iptables instead of firewalld in your environment (assuming you have firewalld disabled), the following command will suffice for a test environment:

iptables -A INPUT -s 0.0.0.0/0 -p TCP --dport 5601 -j ACCEPT

This command will open port 5601/tcp for everyone, but the rule will be added to the end of the list. If a deny rule is used at the end, it's better to add the rule to the beginning (in the example, we add it instead of the first line):

iptables -I INPUT 1 -s 0.0.0.0/0 -p TCP --dport 5601 -j ACCEPT

Inventory Calculation Module

Connect via SSH to the server where OpenSearch is installed and create the directories for the Inventory calculation module. The calculation module is installed in the /app/opensearch/utils/inventory/ directory:

ls -l /app/opensearch/utils/inventory/
total 9740
-rw-r--r--. 1 opensearch opensearch     122 Apr 11 19:25 config.yml
-rwxr-xr-x. 1 opensearch opensearch 9964811 Apr 11 19:25 moduleInventory
-rw-r--r--. 1 opensearch opensearch    3955 Apr 11 19:25 README

Execute the command crontab -e as the superuser and add the scheduled execution of the calculation (every fifth minute of the hour):

*/5 * * * * /app/opensearch/utils/inventory/moduleInventory >> /app/opensearch/utils/inventory/logs/output.log 2>&1