Redis (ntopng dependency) defaults to listening on all interfaces?
-
I was setting up ntopng 0.8.4_4 on my 2.3.2-RELEASE-p1 box and it seems it installs the default redis package with no binding interface defined, as a result it listens on all interfaces. The default firewalls block access anyway but it seems it would be more secure to have it default to localhost or a unix socket (better imho).
Thoughts?
-
Listening on localhost is probably best in this case, assuming ntopng is happy contacting it there.
-
I was looking at something else in ntopng today and went ahead and tested/committed a fix so that redis now only binds to localhost. Still worked fine for me so I pushed the new version out for everyone.