El Martes 15/01/2019 a las 17:30, elliot.li.t...@gmail.com escribió:
> Hi!
> Is it safe to expose a collectd network listening port to the internet?
> I will have other machines running collectd and sending data to this
> listener over the internet. I'll enable signature and encryption.
> I've searched the CVE database for collectd and only found two
> vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
> exploitable. For now I have the impression that the network parsing part
> of collectd seems safe.
> Any comments are welcome. Thank you!

The obvious, but I'd also filter via iptables/ip6tables which IPs can connect 
to collectd's port, just to be on the safe side.

Ricardo J. Barberis
Usuario Linux Nº 250625: http://counter.li.org/
Usuario LFS Nº 5121: http://www.linuxfromscratch.org/
Senior SysAdmin / IT Architect - www.DonWeb.com

collectd mailing list

Reply via email to