openstack/barbican
Code Issues Proposed changes

Barbican uWSGI stats server listen on localhost

Browse Source 
The current uWSGI Upstart script starts the stats server listening
on all IPs. In order to reduce the attack surface, this patch modifies
the Upstart script so that the stats server starts listening on
localhost only.

Closes-Bug: #1288881
Change-Id: I6141e665433d418b8cbecc4f065b8a3710310d29
This commit is contained in:
Sig Sigler 2014-03-06 11:29:47 -06:00
parent 45795fadbb
commit c3a41505b7
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/barbican-api.upstart vendored
View File

@ -6,5 +6,5 @@ start on runlevel [2345]
stop on runlevel [06]
script
uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log
uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats localhost:9314
end script

2
etc/init/barbican-api.conf
View File

@ -7,5 +7,5 @@ stop on runlevel [06]
#TODO(jwood) Parameterize the stats port address.
script
uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats :9314
uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats localhost:9314
end script