Thank you Marius, I implemented the suggestions listed under: http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-readiness apart from: "Seperate the box network-wise from the outside, otherwise Elasticsearch can be reached by anyone".
I'd like to limit access to our Graylog server from one VLAN (user) to another (servers; where Graylog is) so that only SSH is available (that is easy), but we also need to view the web page. Which ports must be accessible (HTTPS anything else)? Dne sreda, 29. junij 2016 21.14.17 UTC+2 je oseba Marius Sturm napisala: > Hi, > the OVAs in general are made for ease of setup and a quick getting started > experience with Graylog. The trade-off of this that some services need to > be less restricted as in a setup that is optimized for security. > Elasticsearch and MongoDB should always placed in a seperate network as > documented here: > http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-readiness > > If you have higher security needs please consider a manual setup of > Graylog and make sure that all services are as secured as possible > http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html > > Cheers, > Marius > > On 29 June 2016 at 19:57, <[email protected] <javascript:>> wrote: > >> We're using the latest version of Graylog OVA and have recently had a >> vulnerability assesment. I'm attaching the finding from the Nessus scanner. >> Can someone please shed some lights on these results focusing on the Medium >> severity and esp. MongoDB Service Without Authentication Detection and Web >> Server Generic Cookie Injection. >> >> Many thanks in advance. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Graylog Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/graylog2/6f262db7-5494-47ce-aa54-28fde164a383%40googlegroups.com >> >> <https://groups.google.com/d/msgid/graylog2/6f262db7-5494-47ce-aa54-28fde164a383%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Developer > > Tel.: +49 (0)40 609 452 077 > Fax.: +49 (0)40 609 452 078 > > TORCH GmbH - A Graylog Company > Poolstraße 21 > 20335 Hamburg > Germany > > https://www.graylog.com <https://www.torch.sh/> > > Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 > Geschäftsführer: Lennart Koopmann (CEO) > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/14f3ae72-7b64-4c3c-8d85-2edd7c4363fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
