Security implications of installing netdata (or other monitoring tools)



  • Hi,

    would there be any major (firewall) security implications of installing packages like netdata, ntopng, ....

    I know as always, the less extra packages you install, the better. at the other side, some visibility on the behavior of the FW would be good.
    as the realtime data built in pfsense is limited, I'm looking at netdata, and ntopng ...

    ntopng already has a pfsense package in the pfsense repo, netdata not (yet?)

    would installing either of them make the fw less secure, more weak?


  • Netgate Administrator

    If you're installing anything that is not in our repo there are implications.

    If it's some random repo then really you could be installing anything.

    If it's from the FreeBSD repo you can be fairly sure it is legit at least but that package will not have been tested in pfSense. It may pull in dependencies that overwrite something custom in pfSense. It may have unintended consequences.
    Obviously that risk varies. If it's something self-contained that doesn't run continually the risk is low.

    Steve



  • As far as I can see, it seems to be self contained :

    https://docs.netdata.cloud/installer/#pfsense

    extract :


    Note first three packages are downloaded from the pfSense repository for maintaining compatibility with pfSense, Netdata is downloaded from the FreeBSD repository.

    pkg install pkgconf
    pkg install bash
    pkg install e2fsprogs-libuuid
    pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.11.0.txz


    the netdata package does not seem to add extra dependencies unless I'm looking wrong

    but something like netdata (also like ntopng) is designed to run 24/7

    I'm running it on a test pfsense in an isolated network, for now the test setup seems to run


Log in to reply