mqtt server bound to all interfaces

greenbone / docs

Documentation for the Greenbone Community Edition

https://greenbone.github.io/docs/

Creative Commons Attribution Share Alike 4.0 International

24 stars 32 forks source link

mqtt server bound to all interfaces #397

Closed huornlmj closed 1 year ago

huornlmj commented 1 year ago

https://github.com/greenbone/docs/blob/ba8fcefd522becb69cc853f274372860f09d736b/src/_static/docker-compose-22.4.yml#L140

The deployment results in the mqtt service binding to all interfaces, allowing network adversaries to access the service, when it should not be exposed outside the host.

bjoernricks commented 1 year ago

Duplicate of #366

huornlmj commented 1 year ago

Why is this closed? The port is open and the issue is not fixed.

bjoernricks commented 1 year ago

Because the PR is merged in the MQTT port is not exposed to the host interface anymore.

huornlmj commented 1 year ago

Oh I found PR #401 now. Assuming it passed tests?

bjoernricks commented 1 year ago

Assuming it passed tests?

Not sure what you mean. Removing the ports statement from the compose file will remove the exposed port from the host interfaces. Could be possible that you need to recreate the containers (compose down, compose up).