| Rxy | |
| Aug 6 2020, 12:21 PM |
| F31967693: image.png | |
| Aug 6 2020, 12:21 PM |
See the picture, kibana next sending telemetry to elastic.co
We are handling sensitive privacy things at kibana.
I guess better to we should disable that.
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| kibana: disable telemetry and newsfeed | operations/puppet | production | +2 -0 |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | colewhite | T272655 Phatality doesn't work with Kibana 7 | |||
| Resolved | herron | T234854 Upgrade ELK Stack to version 7 | |||
| Resolved | fgiunchedi | T259794 Kibana next sending telemetry to elastic.co |
perhaps rOPUP[/modules/kibana/manifests/init.pp$39-47](https://phabricator.wikimedia.org/source/operations-puppet/browse/production/modules/kibana/manifests/init.pp$39-48) ?
'telemetry.enabled => false, #T259794 'newsfeed.enabled' => false, #T259794
not sure
Change 618948 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] kibana: disable telemetry and newsfeed
Change 618948 merged by Filippo Giunchedi:
[operations/puppet@production] kibana: disable telemetry and newsfeed
@Rxy telemetry is disabled now and indeed I can't see the requests anymore, please confirm and reopen if needed, thank you!
Can we set a hard CSP on this domain at the web server level so that in general our report will be "oh no, there's a request attempt we didn't notice" (possibly with a "hm.. and feature X is partly not working as a result") - as opposed to "oh no, we're actually making requests we don't want."
+1 to this!
It's probably beyond the scope of this task, but I see the benefit of evaluating more restrictive CSPs for externally-facing tools.
Agreed, likely worth having a standard CSP policy for tools that are supposed to be self contained (in another task)