[collectd] Safety for exposing a collectd network listening port to internet

Ricardo J. Barberis ricardo at palmtx.com.ar
Tue Jan 15 22:59:51 CET 2019


El Martes 15/01/2019 a las 17:30, elliot.li.tech at gmail.com escribió:
> Hi!
>
> Is it safe to expose a collectd network listening port to the internet?
> I will have other machines running collectd and sending data to this
> listener over the internet. I'll enable signature and encryption.
>
> I've searched the CVE database for collectd and only found two
> vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
> exploitable. For now I have the impression that the network parsing part
> of collectd seems safe.
>
> Any comments are welcome. Thank you!

The obvious, but I'd also filter via iptables/ip6tables which IPs can connect 
to collectd's port, just to be on the safe side.

Cheers,
-- 
Ricardo J. Barberis
Usuario Linux Nº 250625: http://counter.li.org/
Usuario LFS Nº 5121: http://www.linuxfromscratch.org/
Senior SysAdmin / IT Architect - www.DonWeb.com



More information about the collectd mailing list