We got a security report, and one of the points was that a service is listening on all interfaces.

I am not a security guy and I find it hard to understand what needs to be done and how to do it.

The "service" is telegraf agent running in a docker container:

netstat -nlpt | grep 9273
(No info could be read for "-p": geteuid()=1000 but you should be root.)
tcp        0      0 0.0.0.0:9273            0.0.0.0:*               LISTEN      -   

Obviously it can accept communication on all interfaces of the machine; however, it gathers info only locally.

How do I restrict it?

By doing the following:

docker create --name telegraf -p 127.0.0.1:9277:9273 telegraf:1.18.3

I also changed this bit in telegraf's config:

# Telegraf pull metrics configuration
[[outputs.prometheus_client]]
   ## Address to listen on
   listen = "localhost:9273"

I couldn't make it not have 0.0.0.0:* in the output of the netstat command.

gai-jin
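As an added check to go with the question above (this is example code, not part of the original post and not telegraf's or Docker's own tooling), here is a small POSIX shell script that reads netstat -nlpt style output and flags every LISTEN entry bound to a wildcard address (0.0.0.0, ::, *) instead of loopback. The sample lines are constructed: they mirror the 0.0.0.0:9273 line from the post, add the 127.0.0.1:9277 host listener that a -p 127.0.0.1:9277:9273 publish mapping produces, and an IPv6 sshd listener. The function and port names are the example's own.

```shell
#!/bin/sh
# Added example, not code from the original post or from telegraf/docker:
# audit `netstat -nlpt` output for listeners bound to every interface.

# Classify one value from the netstat "Local Address" column.
# Prints WILDCARD for 0.0.0.0 / :: / *, LOOPBACK for 127.x / ::1, else SPECIFIC.
classify_addr() {
    host="${1%:*}"          # drop the trailing :port
    case "$host" in
        0.0.0.0|::|'*')   echo WILDCARD ;;
        127.*|::1)        echo LOOPBACK ;;
        *)                echo SPECIFIC ;;
    esac
}

# Read netstat -nlpt lines on stdin and print "<local address> <class>" for
# every LISTEN entry (column 4 is the local address, column 6 the state).
audit_listeners() {
    awk '$6 == "LISTEN" { print $4 }' | while read -r local; do
        printf '%s %s\n' "$local" "$(classify_addr "$local")"
    done
}

# Exit 0 when the given port is only reachable on loopback (or not listening
# at all), 1 when any LISTEN entry for that port is a wildcard bind.
port_is_local_only() {
    port="$1"
    audit_listeners | awk -v p="$port" '
        { a = $1; sub(/.*:/, "", a); if (a == p && $2 == "WILDCARD") found = 1 }
        END { exit found ? 1 : 0 }'
}

# Constructed sample (not captured from a real host): the post's 0.0.0.0:9273
# line, the loopback-only host listener that `-p 127.0.0.1:9277:9273`
# publishes, and an IPv6 sshd listener.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9273            0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:9277          0.0.0.0:*               LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -'

# Check one port against the constructed sample.
check_port_from_sample() {
    printf '%s\n' "$SAMPLE" | port_is_local_only "$1"
}

# Stand-alone run: list every listener, then check the two ports from the post.
printf '%s\n' "$SAMPLE" | audit_listeners
for p in 9273 9277; do
    if check_port_from_sample "$p"; then
        echo "port $p: loopback only"
    else
        echo "port $p: bound on all interfaces"
    fi
done
```

On a real host, replace the constructed sample with `netstat -nlpt | audit_listeners` (or `ss -lntp` after adjusting the column numbers); run it as root, otherwise the PID/Program column stays empty, exactly as the "(No info could be read for "-p")" warning in the question shows.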

1 Answer


Perhaps when you are doing docker create --name telegraf -p 127.0.0.1:9277:9273 telegraf:1.18.3 it listens on 127.0.0.1:9277 and on 0.0.0.0:9273 because you have not specified any address for the :9273 port part?