Hi,

I have been using collectd on "the internets" for ages, but as was said in the previous message, I have a firewall and I limit access to hosts/networks that send me data.

Enabling signatures and encryption can actually open new possible vulnerabilities due to the libraries used. Is there a special reason why not to use a VPN and open the collectd socket to the internets? If you want to be more secure, it might be a good idea to use a simple VPN with a limited code base, like wireguard.

Best regards
Josef

On 15. 01. 19 at 22:59, Ricardo J. Barberis wrote:
> On Tuesday 15/01/2019 at 17:30, [email protected] wrote:
>> Hi!
>>
>> Is it safe to expose a collectd network listening port to the internet?
>> I will have other machines running collectd and sending data to this
>> listener over the internet. I'll enable signature and encryption.
>>
>> I've searched the CVE database for collectd and only found two
>> vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
>> exploitable. For now I have the impression that the network parsing part
>> of collectd seems safe.
>>
>> Any comments are welcome. Thank you!
>
> The obvious, but I'd also filter via iptables/ip6tables which IPs can connect
> to collectd's port, just to be on the safe side.
>
> Cheers,
>

_______________________________________________
collectd mailing list
[email protected]
https://mailman.verplant.org/listinfo/collectd
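
The iptables/ip6tables filtering suggested in this thread, as an added example that is not part of the original messages: a small generator that prints allowlist rules for the collectd listener so they can be reviewed before being applied. It assumes collectd's default network port 25826/udp and the INPUT chain; the function name and the sender addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) allowlist rules for a collectd listener.
# Assumption: collectd's default network port, 25826/udp.
COLLECTD_PORT="${COLLECTD_PORT:-25826}"

# collectd_allowlist_rules PORT SRC...
# SRC is an IPv4/IPv6 address or CIDR. Returns 1 without printing any rule
# if an entry is empty or contains characters that cannot occur in an address.
collectd_allowlist_rules() {
    port="$1"; shift
    # Validate everything first so a bad entry never yields a partial rule set.
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9a-fA-F:./]*)
                echo "rejected source entry: '$src'" >&2
                return 1 ;;
        esac
    done
    # One ACCEPT per permitted sender, in the tool matching its address family.
    for src in "$@"; do
        case "$src" in
            *:*) tool=ip6tables ;;
            *)   tool=iptables ;;
        esac
        printf '%s -A INPUT -p udp -s %s --dport %s -j ACCEPT\n' \
            "$tool" "$src" "$port"
    done
    # Everything else aimed at the port is dropped, for both families.
    printf 'iptables -A INPUT -p udp --dport %s -j DROP\n' "$port"
    printf 'ip6tables -A INPUT -p udp --dport %s -j DROP\n' "$port"
}

# Constructed sender list (documentation address ranges).
collectd_allowlist_rules "$COLLECTD_PORT" 192.0.2.10 198.51.100.0/24 2001:db8::5
```

Because the rules are appended with `-A`, the ACCEPT lines are evaluated before the final DROP for the port.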
