[collectd] Safety for exposing a collectd network listening port to internet
elliot.li.tech at gmail.com
Wed Jan 16 16:35:36 CET 2019
On 1/15/19 1:59 PM, Ricardo J. Barberis wrote:
> On Tuesday 15/01/2019 at 17:30, elliot.li.tech at gmail.com wrote:
>> Is it safe to expose a collectd network listening port to the internet?
>> I will have other machines running collectd and sending data to this
>> listener over the internet. I'll enable signature and encryption.
>>
>> I've searched the CVE database for collectd and only found two
>> vulnerabilities (CVE-2016-6254, CVE-2017-7401) that seem remotely
>> exploitable. For now I have the impression that the network parsing part
>> of collectd seems safe.
>>
>> Any comments are welcome. Thank you!
>
> The obvious, but I'd also filter via iptables/ip6tables which IPs can connect
> to collectd's port, just to be on the safe side.
I could. But I'm accepting incoming connections from users that move
around, so I wouldn't be able to restrict the IPs too much.
--
Elliot
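
The setup discussed in this thread (an internet-facing listener with signing and encryption enabled, and clients whose IP addresses change), written out as a collectd.conf sketch. This is an added example, not configuration posted in the thread or shipped by the collectd project; the hostname, file path, username and password are placeholders.

```conf
# --- Listener (the internet-facing collectd instance) ---
LoadPlugin network
<Plugin network>
  <Listen "0.0.0.0" "25826">
    # On a Listen block:
    #   None    - accepts any packet, authenticated or not
    #   Sign    - accepts signed or encrypted packets only
    #   Encrypt - accepts encrypted packets only
    # Without an explicit SecurityLevel the listener accepts
    # unauthenticated data from any source address.
    SecurityLevel Encrypt

    # Maps usernames to shared secrets, one "user: password" per line.
    # Keep it readable only by the collectd user (placeholder path).
    AuthFile "/etc/collectd/auth_file"
  </Listen>
</Plugin>

# /etc/collectd/auth_file (placeholder contents):
#   roaming-client-1: REPLACE_WITH_LONG_RANDOM_SECRET

# --- Sender (each roaming machine) ---
LoadPlugin network
<Plugin network>
  <Server "collector.example.org" "25826">
    # Must match what the listener requires; a sender left at None
    # is silently dropped by a listener set to Encrypt.
    SecurityLevel Encrypt
    Username "roaming-client-1"
    Password "REPLACE_WITH_LONG_RANDOM_SECRET"
  </Server>
</Plugin>
```

With roaming clients the source address cannot serve as the access control, so the per-user secret in the AuthFile is the only thing separating accepted from rejected packets; give each machine its own username so a single credential can be revoked.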