On 1/15/19 1:59 PM, Ricardo J. Barberis wrote:
El Martes 15/01/2019 a las 17:30, elliot.li.t...@gmail.com escribió:
Is it safe to expose a collectd network listening port to the internet?
I will have other machines running collectd and sending data to this
listener over the internet. I'll enable signature and encryption.

I've searched the CVE database for collectd and only found two
vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
exploitable. For now I have the impression that the network parsing part
of collectd seems safe.

Any comments are welcome. Thank you!

The obvious, but I'd also filter via iptables/ip6tables which IPs can connect
to collectd's port, just to be on the safe side.

I could. But I'm accepting incoming connections from users that move around, so I wouldn't be able to restrict the IPs too much.

--
Elliot

_______________________________________________
collectd mailing list
collectd@verplant.org
https://mailman.verplant.org/listinfo/collectd

Reply via email to