
#1 2006-05-03 12:51:40

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

cacti on a firewall/router, safe?

I'd like to get some nice graphical info about CPU, RAM, disk, netm ... usage on my Arch router. This firewalling gateway router watchmajig shares my broadband connection with my LAN.

I've been looking around and cacti looks pretty nice. Cacti needs a database to store its information though. Obviously, installing cacti and mysql imposes a potential security risk for the router.

Can this be done without having to worry too much about security issues?


A bus station is where a bus stops.
A train station is where a train stops.
On my desk I have a workstation.


#2 2006-05-03 15:45:18

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: cacti on a firewall/router, safe?

of course I am safe on a firewall...
oh wait..

... if you are going to have web access to the router/firewall...then yes.
There have been remote exploit vulns associated with cacti in the past.
For security, it would be recommended to have snmp enabled on the inside interface..with only allowances for read only polling from a single internal host..
and have that host running cacti and sql, fetching stats from the router/firewall via snmp (like mrtg).

But for a balance between security and usability, with thought to simpler architecture and not a lot of extra machines lying around..
cacti with apache/lighttpd with an sql engine listening only on localhost..would be *ok*. Just keep cacti well updated, and maybe only access it with ssl and require password protection to get at it.. (apache htdigest perhaps).


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍
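
The bind-address advice in the reply above (SQL engine on localhost only, web and SNMP reachable only on the inside interface) can be checked against the router's listening sockets. This is an added example, not part of the original thread; the port numbers, the LAN address 192.168.1.1 and the sample `ss -H -tuln` output are assumptions constructed for illustration.

```python
import ipaddress

# Where each service from the thread may listen (port numbers are assumed defaults).
POLICY = {3306: "loopback", 80: "lan", 443: "lan", 161: "lan"}
WILDCARDS = ("*", "0.0.0.0", "::")

# Constructed sample of `ss -H -tuln` output from a hypothetical router
# whose inside (LAN) address is 192.168.1.1.
SAMPLE_SS = """\
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    192.168.1.1:443    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

def parse_local(field):
    """Split ss's 'Local Address:Port' column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    return addr, int(port)

def audit_listeners(ss_output, lan_ip, policy=POLICY):
    """Return (proto, addr, port, reason) for listeners that break policy."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        addr, port = parse_local(cols[4])
        scope = policy.get(port)
        if scope is None:
            continue                        # port not covered by this policy
        if addr in WILDCARDS:
            reason = "bound to all interfaces"
        elif ipaddress.ip_address(addr).is_loopback:
            continue                        # loopback is fine for either scope
        elif scope == "loopback":
            reason = "expected loopback only"
        elif addr != lan_ip:
            reason = "expected inside interface only"
        else:
            continue
        findings.append((cols[0], addr, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS, "192.168.1.1"):
        print(finding)
```
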


#3 2006-05-03 20:35:00

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

Re: cacti on a firewall/router, safe?

I wouldn't trust more than one of you on my box without a thread reassuring me. ;)

I do have remote access to the box, but only on the internal interface. The web access would also be just for the LAN side.



#4 2006-05-08 13:21:25

FUBAR
Member
From: Belgium
Registered: 2004-12-08
Posts: 1,029

Re: cacti on a firewall/router, safe?

I found an article on munin and monit. They seem to do the same as cacti, but without the need for a database. I'm going with those I think.

