[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Public Munin Graphs: Security Risk?
On Tue, 29 Jan 2013 16:54:58 +0100
Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:
> I finally deployed Munin across our exit nodes. The graphs are
> currently public, and I don't see an obvious reason for not doing
> that. Any objections?
For what it's worth, we do this too, https://munin.torproject.org.
Right now it has a tor-guest account on it to avoid cgi exploits, but
otherwise it has been fine for the past few years.
If someone does exploit a cgi script, they'll get an empty webserver
with copies of munin data. Not the end of the world for us.
Thanks for putting that up Moritz. Others can learn what it takes to
run busy exit relays.
--
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays