Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-07-07 Thread Marius Sturm
Usually you need the web port and the api port but on the OVAs both are
mapped to HTTPS so that should be fine then.




-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAMqbBbJ9uirzk8WGfReGjPFkpyf1o0rFXiTiJEzYe5xyDB7L4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-07-04 Thread cypherbit
Thank you Marius, I implemented the suggestions listed under:
http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-readiness
apart from: "Separate the box network-wise from the outside, otherwise
Elasticsearch can be reached by anyone".

I'd like to limit access to our Graylog server from one VLAN (user) to
another (servers; where Graylog is) so that only SSH is available (that is
easy), but we also need to view the web page. Which ports must be
accessible (HTTPS, anything else)?




Re: [graylog2] Nessus vulnerability scanner and Graylog

2016-06-29 Thread Marius Sturm
Hi,
the OVAs in general are made for ease of setup and a quick getting-started
experience with Graylog. The trade-off of this is that some services need to
be less restricted than in a setup that is optimized for security.
Elasticsearch and MongoDB should always be placed in a separate network, as
documented here:
http://docs.graylog.org/en/2.0/pages/configuration/graylog_ctl.html#production-readiness

If you have higher security needs, please consider a manual setup of Graylog
and make sure that all services are as secured as possible:
http://docs.graylog.org/en/2.0/pages/installation/manual_setup.html

Cheers,
Marius

On 29 June 2016 at 19:57,  wrote:

> We're using the latest version of Graylog OVA and have recently had a
> vulnerability assessment. I'm attaching the finding from the Nessus scanner.
> Can someone please shed some light on these results focusing on the Medium
> severity and esp. MongoDB Service Without Authentication Detection and Web
> Server Generic Cookie Injection.
>
> Many thanks in advance.
>
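A check for the exposure policy discussed in this thread (only SSH and HTTPS reachable from other networks, Elasticsearch and MongoDB kept off them), as an added example that is not part of the original messages or of Graylog: it parses `ss -ltnH` output and reports every TCP listener bound to a non-loopback address other than ports 22 and 443. The sample output is constructed, the function names are hypothetical, and 27017, 9200 and 9300 are the upstream default ports of MongoDB and Elasticsearch, assumed here rather than taken from the OVA.

```python
import ipaddress

# Policy from the thread: only SSH and HTTPS may be reachable off-box.
ALLOWED_EXTERNAL = {22, 443}
# Assumption: upstream default ports, used only to label findings.
BACKEND_DEFAULTS = {
    27017: "MongoDB",
    9200: "Elasticsearch HTTP",
    9300: "Elasticsearch transport",
}

# Constructed sample of `ss -ltnH` output (state, queues, local, peer).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 128 [::1]:27017 [::]:*
LISTEN 0 128 [::]:9300 [::]:*
"""

def is_loopback(host):
    """True when the bind address is only reachable from the box itself."""
    if host == "*":          # wildcard bind: every interface
        return False
    return ipaddress.ip_address(host).is_loopback

def audit_listeners(ss_output):
    """Return sorted (port, bind_address, label) for listeners that violate the policy."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
        port = int(port)
        if is_loopback(host) or port in ALLOWED_EXTERNAL:
            continue
        findings.add((port, host, BACKEND_DEFAULTS.get(port, "unlisted service")))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, label in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed: {host}:{port} ({label})")
```

A listener that passes this check can still be reachable through a proxy or port mapping, so the result complements the VLAN firewall rule rather than replacing it.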