MongoDB Security & Defaults

Frank Ch. Eigler fche at redhat.com
Fri Feb 13 16:25:55 UTC 2015


"Ryan S. Brown" <ryansb at redhat.com> writes:

> [...]  In January, the Fedora rawhide package for mongo[2] was
> changed to listen on all interfaces by default [...]  To help
> protect users, I think the default should be changed back to
> localhost only. [...]

We have a slew of network-servers in the fedora distribution.
Apprx. none of them are supposed to be turned on just by virtue of rpm
installation (so, require an explicit systemctl enable), and apprx.
none of them get through the system-default firewalld setup.  The
out-of-the-box risk is therefore nil.

If you'd like to pursue a distro-wide change for this
interface-binding level of security, please consider pursuing it via a
Fedora Change type process rather than piecemeal package-by-package.

- FChE


More information about the devel mailing list