tripleo-heat-templates/memcached_hardening-2529734099da27f4.yaml at d0288b450dd65f3f2d93564433dea29aab41f0da - tripleo-heat-templates - OpenDev: Free Software Needs Free Tools

openstack/tripleo-heat-templates

Emilien Macchi d373df5ff8 [CVE-2018-1000115] memcached: restrict to TCP & internal_api network

https://access.redhat.com/security/cve/cve-2018-1000115

Restrict Memcached to only work on TCP and internal_api network.
The restriction is made at the application and firewall levels.
It will prevent DDoS amplification attacks using memcached.

Change-Id: I8fb81d7f3938b04ff7652e30de35a1ec23ae723d
Related-Bug: #1754607
(cherry picked from commit 2b37b726aa)

2018-03-09 22:50:58 +01:00

5 lines

103 B

YAML

Raw Blame History

 ---
 security:
   - |
     Restrict memcached service to TCP and internal_api network (CVE-2018-1000115).