[CVE-2018-1000115] memcached: restrict to TCP

https://access.redhat.com/security/cve/cve-2018-1000115 Restrict Memcached to only work on TCP. The configuration only binds memcached on localhost but in case it changes, we'll prevent DDoS amplification attacks. Change-Id: Ib87b41b9f22549ec49788721b5806c972f3c5d2f
2018-03-09 22:33:38 +01:00 · 2018-03-09 22:33:38 +01:00 · 5210dd7903
parent 60e2459462
commit 5210dd7903
1 changed files with 2 additions and 1 deletions
--- a/manifests/memcached.pp
+++ b/manifests/memcached.pp
@ -2,6 +2,7 @@ class openstack_integration::memcached {
  include ::openstack_integration::config

  class { '::memcached':
-    listen_ip => $::openstack_integration::config::host
+    listen_ip => $::openstack_integration::config::host,
+    udp_port  => 0,
  }
 }