Security Issue: Nagios Core - Performance Graphs Using Influ
Posted: Tue Aug 10, 2021 9:57 am
Hi,
The article Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Histou (https://support.nagios.com/kb/article/n ... lux_Config), have a critical security issue. When you install InfluxDB in a host with public IP without configure authentication (https://docs.influxdata.com/influxdb/v1 ... orization/): anybody in anywhere can access Influx database with one command (influx -host "IP or hostname"). Locally anybody in the network do the same. I'm tested this, my server had this issue.
The article Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Histou (https://support.nagios.com/kb/article/n ... lux_Config), have a critical security issue. When you install InfluxDB in a host with public IP without configure authentication (https://docs.influxdata.com/influxdb/v1 ... orization/): anybody in anywhere can access Influx database with one command (influx -host "IP or hostname"). Locally anybody in the network do the same. I'm tested this, my server had this issue.