[SERVER-16453] MongoDB server should obey /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems
Created: 08/Dec/14  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Networking, Security
Affects Version/s: 2.6.5
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Markus Mahlberg
Assignee: Backlog - Security Team
Resolution: Unresolved
Votes: 0
Labels: connection
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-16452 Failed login attempts should log sour... Closed
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Participants:

 Description   

In order to simplify security for MongoDB installations, it should obey the files /etc/hosts.deny and /etc/hosts.allow on GNU/Linux and UNIX systems.

In order to do that, support for libwrap would have to be implemented.

Instead of having to fiddle with firewalls (both external and local filter based ones can be quite complex to manage) access restrictions could be implemented using very simple configuration lines in the two mentioned files.

It is to be mentioned that most modern UNIX/Linux daemons obey /etc/hosts.deny and /etc/hosts.allow and that it was a rather big surprise that MongoDB doesn't. As per the principle of least surprise, this should be changed.
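
An added illustration, not part of the original issue and not MongoDB code: a simplified Python model of the decision order that libwrap applies to /etc/hosts.allow and /etc/hosts.deny, run over constructed sample rules. It handles only IPv4 literal, prefix, net/mask and ALL client patterns; the daemon name `mongod` in the rules is an assumption, since the issue states MongoDB does not consult these files.

```python
import ipaddress
import re

# Constructed sample files. The daemon name "mongod" is an assumption:
# per this issue, MongoDB does not consult hosts.allow / hosts.deny.
HOSTS_ALLOW = """\
# application subnet and loopback may reach the database
mongod: 127.0.0.1, 10.20.30.0/255.255.255.0
sshd: 192.168.
"""
HOSTS_DENY = """\
mongod: ALL
"""

def client_matches(pattern, ip):
    """Match one IPv4 client pattern against a dotted-quad address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # leading-fields prefix, e.g. "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:                 # net/mask form
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def file_matches(text, daemon, ip):
    """True if any 'daemon_list : client_list' rule matches daemon and ip."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (p.strip() for p in line.split(":")[:2])
        daemon_ok = any(d in ("ALL", daemon) for d in re.split(r"[,\s]+", daemons))
        if daemon_ok and any(client_matches(c, ip)
                             for c in re.split(r"[,\s]+", clients) if c):
            return True
    return False

def access_granted(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match denies; else grant."""
    if file_matches(allow, daemon, ip):
        return True
    if file_matches(deny, daemon, ip):
        return False
    return True   # no rule in either file: access is granted by default
```

Note the last branch: a daemon with no matching line in either file is reachable from anywhere, so a restrictive setup needs an explicit deny rule such as the `mongod: ALL` line above.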



 Comments   
Comment by Ryan Brothers [ 13/Oct/16 ]

I agree - it would be very useful to have a simple way to restrict what IPs can access a MongoDB server without having to configure firewall rules.
