• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Security implications of installing netdata (or other monitoring tools)

Scheduled Pinned Locked Moved General pfSense Questions
3 Posts 2 Posters 1.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • L
    lightningbit
    last edited by Dec 11, 2018, 9:06 PM

    Hi,

    would there be any major (firewall) security implications of installing packages like netdata, ntopng, ....

    I know as always, the less extra packages you install, the better. at the other side, some visibility on the behavior of the FW would be good.
    as the realtime data built in pfsense is limited, I'm looking at netdata, and ntopng ...

    ntopng already has a pfsense package in the pfsense repo, netdata not (yet?)

    would installing either of them make the fw less secure, more weak?

    1 Reply Last reply Reply Quote 0
    • S
      stephenw10 Netgate Administrator
      last edited by Dec 11, 2018, 10:48 PM

      If you're installing anything that is not in our repo there are implications.

      If it's some random repo then really you could be installing anything.

      If it's from the FreeBSD repo you can be fairly sure it is legit at least but that package will not have been tested in pfSense. It may pull in dependencies that overwrite something custom in pfSense. It may have unintended consequences.
      Obviously that risk varies. If it's something self-contained that doesn't run continually the risk is low.

      Steve

      1 Reply Last reply Reply Quote 0
      • L
        lightningbit
        last edited by Dec 11, 2018, 11:08 PM

        As far as I can see, it seems to be self contained :

        https://docs.netdata.cloud/installer/#pfsense

        extract :


        Note first three packages are downloaded from the pfSense repository for maintaining compatibility with pfSense, Netdata is downloaded from the FreeBSD repository.

        pkg install pkgconf
        pkg install bash
        pkg install e2fsprogs-libuuid
        pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.11.0.txz


        the netdata package does not seem to add extra dependencies unless I'm looking wrong

        but something like netdata (also like ntopng) is designed to run 24/7

        I'm running it on a test pfsense in an isolated network, for now the test setup seems to run

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received