From c3a41505b7cd95e412db439b7bc66a4a55e3a883 Mon Sep 17 00:00:00 2001
From: Sig Sigler
Date: Thu, 6 Mar 2014 11:29:47 -0600
Subject: [PATCH] Barbican uWSGI stats server listen on localhost

The current uWSGI Upstart script starts the stats server listening on all IPs. In order to reduce the attack surface, this patch modifies the Upstart script so that the stats server starts listening on localhost only.

Closes-Bug: #1288881
Change-Id: I6141e665433d418b8cbecc4f065b8a3710310d29
---
 debian/barbican-api.upstart | 2 +-
 etc/init/barbican-api.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/barbican-api.upstart b/debian/barbican-api.upstart
index a161289e2..511ea3de5 100644
--- a/debian/barbican-api.upstart
+++ b/debian/barbican-api.upstart
@@ -6,5 +6,5 @@ start on runlevel [2345]
 stop on runlevel [06]
 script
- uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log
+ uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats localhost:9314
 end script
diff --git a/etc/init/barbican-api.conf b/etc/init/barbican-api.conf
index 44c336213..7265833a6 100644
--- a/etc/init/barbican-api.conf
+++ b/etc/init/barbican-api.conf
@@ -7,5 +7,5 @@ stop on runlevel [06]
 #TODO(jwood) Parameterize the stats port address.
 script
- uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats :9314
+ uwsgi --master --die-on-term --emperor /etc/barbican/vassals --logto /var/log/barbican/barbican-api.log --stats localhost:9314
 end script
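Review bot: In debian/barbican-api.upstart the removed uwsgi line carries no `--stats` option, so this hunk turns a stats listener on for the Debian job rather than narrowing an existing one, which the commit message does not mention. If that is intended, a comment above `script` such as `# uWSGI stats bound to loopback only; keep port 9314 off external interfaces` would record the reason. In this hunk and in the etc/init/barbican-api.conf hunk, `localhost` depends on the host's name resolution. Writing `--stats 127.0.0.1:9314` pins the bind address regardless of how /etc/hosts is configured.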
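Review bot: The loopback bind in etc/init/barbican-api.conf still leaves the stats endpoint readable by every local account and process on the host, because the uWSGI stats server returns its JSON to any client that connects. uWSGI's `--stats` also accepts a UNIX socket path, so `--stats <socket path inside a directory owned by the service account>` (placeholder path) would let file permissions decide who can read it. The `#TODO(jwood)` line above `script` remains open, since the address is still hard-coded in the command line.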