Hi,
The article Nagios Core - Performance Graphs Using InfluxDB + Nagflux + Grafana + Histou (https://support.nagios.com/kb/article/n ... lux_Config), have a critical security issue. When you install InfluxDB in a host with public IP without configure authentication (https://docs.influxdata.com/influxdb/v1 ... orization/): anybody in anywhere can access Influx database with one command (influx -host "IP or hostname"). Locally anybody in the network do the same. I'm tested this, my server had this issue.
Security Issue: Nagios Core - Performance Graphs Using Influ
-
- Posts: 1
- Joined: Tue Aug 10, 2021 9:50 am
Re: Security Issue: Nagios Core - Performance Graphs Using I
I'd suggest shooting an email to security@nagios.com.
https://www.nagios.com/products/security/
I think a simple disclaimer at the top of the docs to the effect of "don't do this in prod, it exposes your influxdb instance to anything with a network connection" would go a long way.
https://www.nagios.com/products/security/
I think a simple disclaimer at the top of the docs to the effect of "don't do this in prod, it exposes your influxdb instance to anything with a network connection" would go a long way.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/