[CVE-2018-1000115] memcached: restrict to TCP & localhost
https://access.redhat.com/security/cve/cve-2018-1000115 Restrict Memcached to only work on TCP and localhost. The restriction is made at the application and firewall levels. It will prevent DDoS amplification attacks using memcached. Change-Id: I8072cc842291d133fde9fdfe9e8ad432623a8ef2 Related-Bug: #1754607
This commit is contained in:
parent
dace40ef2d
commit
a52ba3e9a7
|
@ -36,6 +36,8 @@ ssh::server::storeconfigs_enabled: false
|
|||
memcached::max_memory: '50%'
|
||||
memcached::verbosity: 'v'
|
||||
memcached::disable_cachedump: true
|
||||
memcached::listen_ip: '127.0.0.1'
|
||||
memcached::udp_port: 0
|
||||
|
||||
# Apache
|
||||
apache::server_signature: 'Off'
|
||||
|
@ -966,6 +968,8 @@ tripleo::firewall::firewall_rules:
|
|||
dport: 3260
|
||||
'121 memcached':
|
||||
dport: 11211
|
||||
proto: tcp
|
||||
source: '127.0.0.1'
|
||||
'122 swift proxy':
|
||||
dport:
|
||||
- 8080
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Restrict memcached service to TCP and localhost network (CVE-2018-1000115).
|
Loading…
Reference in New Issue