Commit 54d0f70f (unverified), authored Mar 22, 2018 by Richard Hartmann, committed by GitHub Mar 22, 2018
Update security.md
Some minor cleanups and clarifications
parent f92839f9
1 changed file with 11 additions and 8 deletions
content/docs/operating/security.md (+11, -8)
@@ -14,13 +14,15 @@ attack vectors that some configurations may enable.
As with any complex systems it is not possible to guarantee that there are no
bugs. If you find a security bug, please file it in the issue tracker of the
relevant component.
relevant component. If you prefer to report security issues in secret, you may
email the non-public
[
Prometheus team mailing list
](
mailto:prometheus-team@googlegroups.com
)
.
### Prometheus
It is presumed that untrusted users have access to the Prometheus HTTP endpoint
and logs. They have access to all time series information contained in the
database, plus a variety of operational/debugging information.
database, plus a variety of operational/debugging information, including all
targets and alerts.
It is also presumed that only trusted users have the ability to change the
command line, configuration file, rule files and other aspects of the runtime
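Review bot: the new sentence at the end of the first paragraph makes the private channel an afterthought ("If you prefer to report security issues in secret"), while the default advice remains to file security bugs in the issue tracker, which the word "non-public" on the next line implicitly contrasts as public; for an exploitable issue the non-public list should be the recommended path, with the tracker reserved for bugs that need no coordinated disclosure. "In secret" also reads oddly here; "privately" or "confidentially" is the usual wording. The addition of "including all targets and alerts" to the untrusted-user paragraph is a useful sharpening, since the target and alert listings reveal hostnames, ports and which rules are currently firing.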
@@ -34,10 +36,10 @@ that service discovery system.
Scraped targets may be run by untrusted users. It should not by default be
possible for a target to expose data that impersonates a different target. The
`honor_labels`
option removes
this protection, as can certain relabelling
setups
.
`honor_labels`
option removes
and certain relabelling setups remove this
protection
.
As of Prometheus 2.
0
, the
`--web.enable-admin-api`
flag controls access to the
As of Prometheus 2.
x
, the
`--web.enable-admin-api`
flag controls access to the
administrative HTTP API which includes functionality such as deleting time
series. This is disabled by default. If enabled, administrative and mutating
functionality will be accessible under the
`/api/*/admin/`
paths. The
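Review bot: changing "As of Prometheus 2.0" to "As of Prometheus 2.x" loses precision rather than adding it: the `--web.enable-admin-api` flag arrived with 2.0 and is present in every 2.x release, so "Since Prometheus 2.0" states the same fact more exactly and stays correct as minor versions roll on. The reworded `honor_labels` sentence is clearer, but "certain relabelling setups" is still vague; one concrete case worth naming is a `metric_relabel_configs` rule that overwrites `job` or `instance` from a label the target itself supplies, which hands the target the same impersonation ability that `honor_labels` does.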
@@ -84,7 +86,8 @@ configuration file.
Any user with access to the Pushgateway HTTP endpoint can create, modify and
delete the metrics contained within. As the Pushgateway is usually scraped with
`honor_labels`
enabled, this means anyone with access to the Pushgateway can
create any time series in Prometheus.
create any time series in Prometheus, including impersonating other targets or
generating alerts.
## Exporters
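Review bot: "including impersonating other targets or generating alerts" is a good concrete consequence, but the sentence would be stronger if it said why: with `honor_labels` enabled, the `job` and `instance` labels pushed by a client override the ones Prometheus would attach at scrape time, so a pusher can write series that look like they came from any target. Worth linking back to the `honor_labels` paragraph in the Prometheus section, and noting that the "delete" capability in the first sentence matters too: removing pushed metrics can make series disappear, which silences alerts that fire on them and triggers any that watch for absent metrics.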
@@ -125,7 +128,7 @@ secret. Throughout the Prometheus system, metrics are not considered secret.
Fields containing secrets in configuration files (marked explicitly as such in
the documentation) will not be exposed in logs or via the HTTP API. Secrets
should not be placed in other configuration fields, as it is common for
should not be placed in
any
other configuration fields, as it is common for
components to expose their configuration over their HTTP endpoint.
Secrets from other sources used by dependencies (e.g. the
`AWS_SECRET_KEY`
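Review bot: "any other configuration fields" is a reasonable strengthening, but the paragraph still leaves the reader to guess which fields count as secret; saying how they are marked (the `<secret>` placeholder type used in the configuration reference) would make the guarantee checkable. It may also help to state that the protection covers only Prometheus's own handling of marked fields: a credential pasted into a label value, a URL or any other unmarked field is ordinary configuration and will be served back verbatim by the HTTP endpoint the following sentence mentions.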
@@ -136,7 +139,7 @@ wherever it is stored.
## Denial of Service
There are some mitigations in place for excess load or expensive queries.
However, if too many or too expensive queries/metrics are provided components
However, if too many or too expensive queries/metrics are provided
,
components
will fall over. It is more likely that a component will be accidentally taken
out by a trusted user than by malicious action.
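Review bot: the comma after "provided" is correct, but "components will fall over" is informal for a security document; "will exhaust their resources and stop serving" says what actually happens. The opening "There are some mitigations in place" would also be more useful if it named them, for instance the `--query.timeout` flag and the per-scrape `sample_limit` setting, so an operator can judge whether the defaults are adequate for their exposure rather than having to take the sentence on trust.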