
Notes

Netdata Wiki

From the Netdata wiki security page: https://github.com/firehol/netdata/wiki/netdata-security


netdata is a monitoring system. It should be protected, the same way you protect all your admin apps. We assume netdata will be installed privately, for your eyes only.


Netdata over VPN

To keep a netdata instance off the public internet, we set up a VPN. The VPN creates a virtual network interface on the machine with its own private address.

We then bind netdata to that private address only, so that only peers connected to the machine over the VPN can reach netdata. (Anyone who can reach the VPN can still reach netdata, so the VPN's own access control becomes netdata's access control.)

Example

Suppose we have a virtual private network set up with Tinc, and machine 1 (running netdata) is publicly accessible at 1.2.3.4, and accessible on the VPN at 10.6.0.1, while machine 2 (which wants to access machine 1's netdata instance) is on the VPN at 10.6.0.2.

We want to expose the netdata instance on the IP address 10.6.0.1, and not 1.2.3.4, so that only other clients on the VPN can access netdata. This VPN is referred to as a "management LAN".

In the netdata configuration file, /etc/netdata/netdata.conf, set the bind to option:

[global]
    bind to = 10.6.0.1:19999 localhost:19999

(Note that netdata can bind to multiple IP addresses/ports, separated by spaces, and that hostnames will be resolved. The default is to bind to all interfaces, so until this option is set netdata is reachable on 1.2.3.4 as well. After changing it, restart netdata and confirm with something like ss -ltnp that port 19999 is bound only on 10.6.0.1 and 127.0.0.1.)
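The check above can be scripted: read the bind to setting out of netdata.conf and flag any address that is neither loopback nor inside the management LAN. The following is an added example, not netdata's own code. It assumes the Tinc management LAN is 10.6.0.0/24 (the page only names 10.6.0.1 and 10.6.0.2), uses a small constructed netdata.conf mirroring the bind line above, and treats a missing bind to as netdata's default of * (all interfaces).

```python
"""Audit the 'bind to' setting of a netdata.conf for exposure outside the VPN.

Added example, not netdata's own code. Assumption: the Tinc management LAN
is 10.6.0.0/24; SAMPLE_CONF is constructed to mirror the page's bind line.
"""
import ipaddress
import socket

DEFAULT_PORT = 19999  # netdata's default listening port

# Assumed management LAN (the page only names 10.6.0.1 and 10.6.0.2).
VPN_NETWORKS = [ipaddress.ip_network("10.6.0.0/24")]

# Constructed example config mirroring the bind line from the page.
SAMPLE_CONF = """\
# netdata configuration
[global]
    run as user = netdata
    bind to = 10.6.0.1:19999 localhost:19999
[web]
    mode = static-threaded
"""


def parse_netdata_conf(text):
    """Minimal parser for netdata's INI-like config: {section: {key: value}}.
    Keys may contain spaces ("bind to"), so split on the first '=' only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def split_host_port(entry, default_port=DEFAULT_PORT):
    """Split one 'bind to' token into (host, port).
    Handles 'host', 'host:port', '*', bare IPv6 '::1' and bracketed '[::1]:19999'."""
    if entry.startswith("["):
        host, _, rest = entry[1:].partition("]")
        port = int(rest[1:]) if rest.startswith(":") else default_port
        return host, port
    if entry.count(":") == 1:  # exactly one colon: IPv4/hostname with port
        host, port = entry.split(":", 1)
        return host, int(port)
    return entry, default_port


def offline_resolve(host):
    """Constructed stand-in for socket.gethostbyname so the example runs offline.
    Raises socket.gaierror (an OSError) for unknown names, like the real call."""
    table = {"localhost": "127.0.0.1"}
    if host not in table:
        raise socket.gaierror(f"cannot resolve {host}")
    return table[host]


def classify_bind(entry, allowed_networks, resolve=socket.gethostbyname):
    """Return (host, port, verdict); verdict is 'ok', 'exposed' or 'unresolved'.
    'exposed' means netdata would listen outside loopback and the management LAN,
    e.g. on the wildcard or on the public address 1.2.3.4."""
    host, port = split_host_port(entry)
    if host in ("*", "0.0.0.0", "::"):
        return host, port, "exposed"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal: a hostname that must be resolved
        try:
            addr = ipaddress.ip_address(resolve(host))
        except (OSError, ValueError):
            return host, port, "unresolved"
    if addr.is_loopback or any(addr in net for net in allowed_networks):
        return host, port, "ok"
    return host, port, "exposed"


def audit_bind_to(conf_text, allowed_networks, resolve=socket.gethostbyname):
    """Audit every token of [global] 'bind to'. A missing setting is netdata's
    default '*' (all interfaces) and is therefore reported as exposed."""
    conf = parse_netdata_conf(conf_text)
    bind_to = conf.get("global", {}).get("bind to", "*")
    return [classify_bind(tok, allowed_networks, resolve) for tok in bind_to.split()]


if __name__ == "__main__":
    for host, port, verdict in audit_bind_to(SAMPLE_CONF, VPN_NETWORKS, offline_resolve):
        print(f"{host}:{port} -> {verdict}")
```

Pass the real netdata.conf contents and leave resolve at its default to resolve hostnames through the system resolver; an "unresolved" verdict should be treated as a finding, since netdata itself will fail to bind such an entry.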

Digital Ocean guide

Digital Ocean guide to setting up a netdata instance served through an Nginx reverse proxy (with basic authentication in front of it): https://www.digitalocean.com/community/tutorials/how-to-set-up-real-time-performance-monitoring-with-netdata-on-ubuntu-16-04

