Hi,

the OVAs in general are made for ease of setup and a quick getting-started experience with Graylog. The trade-off of this is that some services need to be less restricted than in a setup that is optimized for security. Elasticsearch and MongoDB should always be placed in a separate network, as documented here: http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-readiness

If you have higher security needs, please consider a manual setup of Graylog and make sure that all services are as secured as possible: http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html

Cheers,
Marius

On 29 June 2016 at 19:57, <[email protected]> wrote:
> We're using the latest version of Graylog OVA and have recently had a
> vulnerability assessment. I'm attaching the finding from the Nessus scanner.
> Can someone please shed some light on these results, focusing on the Medium
> severity and esp. MongoDB Service Without Authentication Detection and Web
> Server Generic Cookie Injection.
>
> Many thanks in advance.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/6f262db7-5494-47ce-aa54-28fde164a383%40googlegroups.com
> For more options, visit https://groups.google.com/d/optout.

--
Developer
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany
https://www.graylog.com <https://www.torch.sh/>

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/CAMqbBbKuW_fuWPN3voTKYaaOtVAtYfYiiVobvtEFyoRFa0JYiQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
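The two points the reply makes (MongoDB and Elasticsearch belong on an isolated network, and a hardened manual setup should not leave services open) can be checked against the daemons' own config files. The following is an added example by the editor, not Graylog's or the OVA's tooling: it flattens the `key: value` subset of YAML that `mongod.conf` and `elasticsearch.yml` use, then flags a listen address on every interface and MongoDB running without `security.authorization: enabled` (the Nessus "MongoDB Service Without Authentication" finding). The config snippets, the `10.0.20.5` backend address and the file layout are constructed for illustration.

```python
"""Constructed audit helper for the findings discussed in the thread: a MongoDB
service without authentication, and backend services listening on every
interface. Added example, not Graylog's or the OVA's own code; the config
snippets below are made up for illustration."""
from typing import Dict, List, Tuple

ALL_INTERFACES = {"0.0.0.0", "::", "_global_"}
LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}
Finding = Tuple[str, str]  # (severity, message); severity is "high" or "review"


def parse_simple_yaml(text: str) -> Dict[str, str]:
    """Flatten the YAML subset mongod.conf and elasticsearch.yml use (nested
    `key: value` maps, no lists) into dotted keys, e.g. {"net.bindIp": "0.0.0.0"}."""
    result: Dict[str, str] = {}
    stack: List[Tuple[int, str]] = []  # (indent, key) of the enclosing maps
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        while stack and stack[-1][0] >= indent:  # we left a nested map
            stack.pop()
        stack.append((indent, key.strip()))
        value = value.strip().strip("'\"")
        if value:
            result[".".join(k for _, k in stack)] = value
    return result


def audit_listen_address(conf: Dict[str, str], key: str, default: str) -> List[Finding]:
    """Report where a daemon listens; `default` is what it uses when `key` is absent."""
    findings: List[Finding] = []
    value, note = conf.get(key), ""
    if value is None:
        value, note = default, " (not set; built-in default)"
    addrs = {a.strip() for a in value.split(",")}
    if addrs & ALL_INTERFACES:
        findings.append(("high", f"{key}={value}{note}: listens on every interface, "
                                 "so any host that can route to the VM reaches the service"))
    elif not addrs <= LOOPBACK:
        findings.append(("review", f"{key}={value}{note}: reachable over the network; "
                                   "confirm this address sits on the isolated backend segment"))
    return findings


def audit_mongod(text: str) -> List[Finding]:
    conf = parse_simple_yaml(text)
    # MongoDB releases before 3.6 bound to all interfaces when bindIp was unset.
    findings = audit_listen_address(conf, "net.bindIp", "0.0.0.0")
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append(("high", "security.authorization is not 'enabled': any client that "
                                 "reaches the port can read and write every database"))
    return findings


def audit_elasticsearch(text: str) -> List[Finding]:
    # Elasticsearch 2.x binds to loopback only when network.host is unset.
    return audit_listen_address(parse_simple_yaml(text), "network.host", "127.0.0.1")


# Constructed sample files: an appliance-style default next to a hardened variant.
WEAK_MONGOD = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_MONGOD = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 10.0.20.5   # hypothetical address on the isolated backend network
security:
  authorization: enabled
"""

WEAK_ES = """\
cluster.name: graylog
network.host: 0.0.0.0
"""

if __name__ == "__main__":
    for name, findings in (("mongod (weak)", audit_mongod(WEAK_MONGOD)),
                           ("mongod (hardened)", audit_mongod(HARDENED_MONGOD)),
                           ("elasticsearch (weak)", audit_elasticsearch(WEAK_ES))):
        print(name)
        for severity, message in findings or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

On a real host, read `/etc/mongod.conf` and `/etc/elasticsearch/elasticsearch.yml` into the two audit functions; a "review" finding on a non-loopback address is expected when the backend deliberately lives on its own network, while any "high" finding is something the manual-setup guide linked above would have you close before exposing the VM.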
