Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-16453

MongoDB server should obey /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems

    • Type: Icon: Improvement Improvement
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.6.5
    • Component/s: Networking, Security
    • Labels:
    • Server Security
    • Fully Compatible

      In order to simply security for MongoDB installations, it should obey the files /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems.

      In order to do that, support for libwrap would have to be implemented.

      Instead of having to fiddle with firewalls (both external and local filter based ones can be quite complex to manage) access restrictions could be implemented using very simple configuration lines in the two mentioned files.

      It is to be mentioned that most modern UNIX/Linux daemons obey /etc/hosts.deny and /etc/hosts.allow and that it was a rather big surprise that MongoDB doesn't. As per principle of least surprise, this should be changed.

            backlog-server-security Backlog - Security Team
            markus.mahlberg@icloud.com Markus Mahlberg
            0 Vote for this issue
            14 Start watching this issue