El Martes 15/01/2019 a las 17:30, [email protected] escribió: > Hi! > > Is it safe to expose a collectd network listening port to the internet? > I will have other machines running collectd and sending data to this > listener over the internet. I'll enable signature and encryption. > > I've searched the CVE database for collectd and only found two > vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely > exploitable. For now I have the impression that the network parsing part > of collectd seems safe. > > Any comments are welcome. Thank you!
The obvious, but I'd also filter via iptables/ip6tables which IPs can connect to collectd's port, just to be on the safe side. Cheers, -- Ricardo J. Barberis Usuario Linux Nº 250625: http://counter.li.org/ Usuario LFS Nº 5121: http://www.linuxfromscratch.org/ Senior SysAdmin / IT Architect - www.DonWeb.com _______________________________________________ collectd mailing list [email protected] https://mailman.verplant.org/listinfo/collectd
