[CVE-2018-1000115] memcached: restrict to TCP & localhost
https://access.redhat.com/security/cve/cve-2018-1000115
Restrict Memcached to only work on TCP and localhost.
The restriction is made at the application and firewall levels.
It will prevent DDoS amplification attacks using memcached.
Change-Id: I8072cc842291d133fde9fdfe9e8ad432623a8ef2
Related-Bug: #1754607
(cherry picked from commit 74fc85c507
)
This commit is contained in:
parent
e46cd2a171
commit
8fff6e6942
|
@ -36,6 +36,8 @@ ssh::server::storeconfigs_enabled: false
|
|||
memcached::max_memory: '50%'
|
||||
memcached::verbosity: 'v'
|
||||
memcached::disable_cachedump: true
|
||||
memcached::listen_ip: '127.0.0.1'
|
||||
memcached::udp_port: 0
|
||||
|
||||
# Apache
|
||||
apache::server_signature: 'Off'
|
||||
|
@ -967,6 +969,8 @@ tripleo::firewall::firewall_rules:
|
|||
dport: 3260
|
||||
'121 memcached':
|
||||
dport: 11211
|
||||
proto: tcp
|
||||
source: '127.0.0.1'
|
||||
'122 swift proxy':
|
||||
dport:
|
||||
- 8080
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Restrict memcached service to TCP and localhost network (CVE-2018-1000115).
|
Loading…
Reference in New Issue