RocketChat / server-snap

Rocket.Chat server snap
MIT License

Security Warning From Lynis System Audit #43

Open theklefti opened 2 years ago

theklefti commented 2 years ago

Hi,

After installing the Rocket.chat server via snap and running the Lynis security audit on my server, I get the following warning with a link containing more info:

"MongoDB instance allows any user to access databases [DBS-1820] https://cisofy.com/lynis/controls/DBS-1820/"

Details from the provided URL are:

Description: This control is displayed when no configured authorization mechanism was found on MongoDB.

How to solve: Usually the default permissions of MongoDB are restricted to the local machine and no authorization is needed. If the related MongoDB instance contains sensitive data, it means that without any form of authentication this data can be extracted. It is even more problematic when the instance is remotely available. During the last years this resulted in ransomware that keeps data in MongoDB instances hostage. Set the authorization setting to require authentication and define the authorization level (which user can access a particular database).

Is this secure? If anyone can suggest how to tighten up security here to remove this warning that would be much appreciated.

Thanks!
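The Lynis text quoted above boils down to one setting: `security.authorization` in `mongod.conf`. The following is an added example, not code from this issue or from the Rocket.Chat snap project. It is a small POSIX shell audit that does what control DBS-1820 asks about (is `authorization: enabled` present under `security:`?) and runs it against two constructed sample configurations: a default-style file with no security section (the state that produces the warning) and the same file with the recommended setting. The sample contents and the temporary file paths are constructed; where the snap-managed MongoDB keeps its real configuration is not assumed here.

```shell
#!/bin/sh
# Added example, not code from the issue or from the Rocket.Chat snap project.
# A small audit mirroring what Lynis control DBS-1820 reports on: is
# security.authorization enabled in mongod.conf?  The config samples below are
# constructed; the location of the snap-managed MongoDB config is not assumed.

# audit_mongod_conf FILE
#   Prints "enabled", "disabled" or "missing" and returns 0 only when
#   authorization is enabled (the state that clears the Lynis finding).
audit_mongod_conf() {
    _val=$(awk '
        # A top-level YAML key with no value (e.g. "security:") starts a section.
        /^[^ \t#][^:]*:[ \t]*$/ { section = $1; sub(":", "", section); next }
        # Inside "security", read the value of the indented "authorization" key.
        section == "security" && /^[ \t]+authorization:/ {
            v = $2; gsub(/"/, "", v); print v; exit
        }' "$1")
    case "$_val" in
        enabled)  echo "enabled";  return 0 ;;
        disabled) echo "disabled"; return 1 ;;
        *)        echo "missing";  return 1 ;;   # no mechanism configured: DBS-1820 fires
    esac
}

# Constructed sample 1: a default-style configuration with no security section,
# bound to localhost only. Lynis still flags it because no auth is configured.
weak_conf() {
    cat <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
EOF
}

# Constructed sample 2: the same file with the setting Lynis recommends.
hardened_conf() {
    cat <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF
}

# Demonstration: write both samples to a temp file and audit each one.
tmp=$(mktemp)
for sample in weak_conf hardened_conf; do
    "$sample" > "$tmp"
    printf '%-14s authorization: ' "$sample"
    audit_mongod_conf "$tmp" || true
done
rm -f "$tmp"
```

Enabling `security.authorization` is only half of the Lynis advice; the other half ("which user can access a particular database") means creating accounts before or immediately after restarting mongod with the setting on: an administrative user with MongoDB's built-in `userAdminAnyDatabase` role on the `admin` database, and an application user with `readWrite` on the Rocket.Chat database only, both via the standard `db.createUser` shell command. Rocket.Chat then needs those credentials in its MongoDB connection string; how the snap exposes that setting is not covered by this issue and is not assumed by the example.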