quarkslab / irma

IRMA is an asynchronous & customizable analysis system for suspicious files.
https://irma.quarkslab.com
Apache License 2.0

improper address binding #61

Closed rayhanur-rahman closed 5 years ago

rayhanur-rahman commented 5 years ago

Greetings,

I am a security researcher who is looking for security smells in Ansible scripts. I noticed instances of binding to 0.0.0.0. Binding an address to 0.0.0.0 indicates allowing connections from all IP addresses. I would like to draw attention to these instances. Binding to 0.0.0.0 may lead to denial of service attacks. Practitioners have reported how binding to 0.0.0.0 facilitated security issues for MySQL (https://serversforhackers.com/c/mysql-network-security), Memcached (https://news.ycombinator.com/item?id=16493480), and Kibana (https://www.elastic.co/guide/en/kibana/5.0/breaking-changes-5.0.html).

Any feedback is appreciated.

Source: https://github.com/quarkslab/irma/blob/master/ansible/playbooks/group_vars/brain.yml
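As an added example (not code from the IRMA project or from the reporter), here is a check of the kind the report describes: it scans an Ansible-style group_vars file and lists every key whose value is a wildcard bind address. The input is a constructed sample, not the real brain.yml, and the key names in it are assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample in the style of an Ansible group_vars file.
# It is NOT the project's brain.yml; keys and values are made up.
SAMPLE_GROUP_VARS = """\
---
rabbitmq:
  bind_address: 0.0.0.0   # wildcard: reachable on every interface
  port: 5672
postgresql:
  listen_addresses: 127.0.0.1
  port: 5432
frontend:
  host: "0.0.0.0"
  debug: false
"""

# IPv4 wildcard (0.0.0.0) and IPv6 unspecified address (::), optionally quoted.
WILDCARD_RE = re.compile(r'^["\']?(0\.0\.0\.0|::)["\']?$')
# "key: value" line with its leading indentation captured.
KEY_VALUE_RE = re.compile(r'^(\s*)([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$')


def find_wildcard_bindings(yaml_text: str) -> List[str]:
    """Return dotted paths of keys whose value is a wildcard bind address.

    Line-based scan that uses indentation to rebuild nesting, so it needs
    no YAML library. It covers plain block mappings (the group_vars style);
    sequences, flow syntax and '#' inside values are out of scope here.
    """
    stack: List[Tuple[int, str]] = []  # (indent, key) of enclosing mappings
    findings: List[str] = []
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.strip() == "---":
            continue
        m = KEY_VALUE_RE.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        # Leave every mapping that is at the same or deeper indentation.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value and WILDCARD_RE.match(value):
            findings.append(".".join(k for _, k in stack))
    return findings


if __name__ == "__main__":
    for path in find_wildcard_bindings(SAMPLE_GROUP_VARS):
        print(f"wildcard bind address at {path}")
```

Each reported path is a candidate for the per-environment override the maintainer mentions, or for a loopback or interface-specific default.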

ch0k0bn commented 5 years ago

Same comment as #60: this is the default value but could be overloaded by environment settings like here.