From charlesreid1

Line 9: Line 9:
}}
}}


How to protect a netdata instance from the internet?
==Netdata over VPN==


As the wiki says: "netdata is a distributed application. Most likely you will have many installations of it. Since it is distributed and you are expected to jump from server to server, there is very little usability to add authentication local on each netdata."
To protect a netdata instance from the internet, we'll set up a VPN, which will create an associated virtual network interface.


To provide athentication, netdata wiki recommends exposing netdata on a private network interface.
We can then bind netdata to that private network interface, so that only peers connecting to the machine via the VPN will be able to see netdata.


To expose netdata to a private LAN or virtual network by binding to a particular network interface:
To expose netdata to a virtual network interface:


<pre>
<pre>
Line 22: Line 22:
</pre>
</pre>


You can also bind netdata to multiple IP addresses and ports. Hostnames will be resolved.
Can also bind netdata to multiple IP addresses/ports. Hostnames will be resolved. (According to the wiki, [[Tincd]] is a good tool for virtual management LANs.)
 
The wiki also notes that virtual management and administration LANs can be created using tools like tincd or gvpe


==Digital Ocean guide==
==Digital Ocean guide==

Revision as of 01:07, 22 January 2018

Notes

Netdata Wiki

From the Netdata wiki security page: https://github.com/firehol/netdata/wiki/netdata-security


netdata is a monitoring system. It should be protected, the same way you protect all your admin apps. We assume netdata will be installed privately, for your eyes only.


Netdata over VPN

To protect a netdata instance from the internet, we'll set up a VPN, which will create an associated virtual network interface.

We can then bind netdata to that private network interface, so that only peers connecting to the machine via the VPN will be able to see netdata.

To expose netdata only on a virtual network interface (10.1.1.1 here) and on localhost:

[web]
    bind to = 10.1.1.1:19999 localhost:19999

You can also bind netdata to multiple IP addresses/ports. Hostnames will be resolved. (According to the wiki, Tincd is a good tool for virtual management LANs.)
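One way to confirm that the binding took effect, as an added example (not from the original notes or the netdata project): the function below reads `ss -ltnH` output and reports any listener on port 19999 whose address is not on an allow-list. The function name `check_netdata_listeners` is hypothetical and the sample socket lines are constructed.

```shell
#!/bin/sh
# Audit listeners on netdata's port (19999, as in the [web] section above).
# Reads `ss -ltnH` output on stdin; the arguments are the local addresses
# netdata is allowed to listen on. Prints every unexpected listener and
# returns 1 if there is at least one, 0 otherwise.
# Live use: ss -ltnH | check_netdata_listeners 10.1.1.1 127.0.0.1 '[::1]'
check_netdata_listeners() {
    allowed="$*"
    awk -v allowed="$allowed" -v port=19999 '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4                           # Local Address:Port column
            p = la;    sub(/.*:/, "", p)      # text after the last colon
            if (p != port) next               # not the netdata port
            addr = la; sub(/:[^:]*$/, "", addr)
            if (!(addr in ok)) {              # wildcard or public address
                print "UNEXPECTED " la
                bad = 1
            }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample: netdata bound as configured above, plus sshd.
SAMPLE_GOOD='LISTEN 0 4096 10.1.1.1:19999 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:19999 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: netdata listening on every interface (IPv4 and IPv6).
SAMPLE_BAD='LISTEN 0 4096 0.0.0.0:19999 0.0.0.0:*
LISTEN 0 4096 [::]:19999 [::]:*'

printf '%s\n' "$SAMPLE_GOOD" | check_netdata_listeners 10.1.1.1 127.0.0.1 \
    && echo "ok: netdata only on the VPN interface and localhost"
printf '%s\n' "$SAMPLE_BAD" | check_netdata_listeners 10.1.1.1 127.0.0.1 \
    || echo "netdata is reachable beyond the VPN interface"
```

If localhost also resolves to the IPv6 loopback on your host, add '[::1]' to the allow-list.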

Digital Ocean guide

Digital Ocean guide to setting up a secure Netdata instance served up via Nginx: https://www.digitalocean.com/community/tutorials/how-to-set-up-real-time-performance-monitoring-with-netdata-on-ubuntu-16-04

