Hi Paul,

I can refer you to the talk given by Adam Bordelon at MesosCon 
https://www.youtube.com/watch?v=G3sn1OLYDOE 

If you want the short answer, the solution is to put a firewall around your 
cluster.

On a closer look at the port, it is the one used for message passing between 
the mesos-docker-executor and other mesos components.


> On 05 Oct 2015, at 19:04, Paul Bell <[email protected]> wrote:
> 
> Hi All,
> 
> I am running an nmap port scan on a Mesos agent node and noticed nmap 
> reporting an open TCP port at 50577.
> 
> Poking around some, I discovered exactly 5 mesos-docker-executor processes, 
> one for each of my 5 Docker containers, and each with an open listen port:
> 
> root     14131  3617  0 10:39 ?        00:00:17 mesos-docker-executor 
> --container=mesos-20151002-172703-2450482247-5050-3014-S0.5563c65a-e33e-4287-8ce4-b2aa8116aa95
>  --docker=/usr/local/ecxmcc/weaveShim --help=false 
> --mapped_directory=/mnt/mesos/sandbox 
> --sandbox_directory=/tmp/mesos/slaves/20151002-172703-2450482247-5050-3014-S0/frameworks/20151002-172703-2450482247-5050-3014-0000/executors/postgres.ea2954fd-6b6e-11e5-8bef-56847afe9799/runs/5563c65a-e33e-4287-8ce4-b2aa8116aa95
>  --stop_timeout=15secs
> 
> I suppose that all of this is unsurprising. But I know of at least one big 
> customer who will without delay run Nmap or Nessus against my clustered 
> deployment.
> 
> So I am wondering what the best practices approach is to securing these open 
> ports. 
> 
> Thanks for your help.
> 
> -Paul
> 
> 
> 
