librenms-librenms/doc/General/Security.md

source: General/Security.md

### General
Like any good software we take security seriously. However, bugs do make it into the software 
along with the history of the code base we inherited. It's how we deal with identified vulnerabilities 
that should show that we take things seriously. 

### Securing your install
As with any system of this nature, we highly recommend that you restrict access to the install via 
a firewall or VPN.

It is also highly recommended that the Web interface is protected with an SSL certificate such as ones 
provided by [LetsEncrypt](http://www.letsencrypt.org).

When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session
hijacking attacks. Set ``$config['secure_cookies'] = true`` in ``config.php`` to enable these.

Please ensure you keep your install [up to date](Updating.md).

### Reporting vulnerabilities
Like anyone, we appreciate the work people put in to find flaws in software and welcome anyone 
to do so with LibreNMS, this will lead to better quality and more secure software for everyone.

If you think you've found a vulnerability and want to discuss it with some of the core team then 
you can email us at [team@librenms.org](team@librenms.org) and we will endeavour to get back to 
as quick as we can, this is usually within 24 hours.

We are happy to attribute credit to the findings but we ask that we're given a chance to patch 
any vulnerability before public disclosure so that our users can update as soon as a fix is 
available.
doc: Added doc on security and vulnerabilities 2016-10-07 11:21:19 +00:00			`source: General/Security.md`

			`### General`
			`Like any good software we take security seriously. However, bugs do make it into the software`
			`along with the history of the code base we inherited. It's how we deal with identified vulnerabilities`
			`that should show that we take things seriously.`

			`### Securing your install`
			`As with any system of this nature, we highly recommend that you restrict access to the install via`
			`a firewall or VPN.`

Docs refactor (#7389) * docs: Refactored docs for new layout * some more changes * more doc updates * More doc updates * small update * small update 2017-10-02 21:36:22 +01:00			`It is also highly recommended that the Web interface is protected with an SSL certificate such as ones`
doc: Added doc on security and vulnerabilities 2016-10-07 11:21:19 +00:00			`provided by [LetsEncrypt](http://www.letsencrypt.org).`

security: Enable support for secure cookies (#6868) * Enable secure cookies for authentication Enables secure cookies for authentication when HTTPS is used. * Add line with example secure session cookies * Fix comment line that's too long * Remove session secure cookie config * Added secure cookie config to init.php Commented out because having this enabled will prevent the server from sending cookies over HTTPS. * Enable secure cookies if config value provided * Make code formatting consistent * Remove secure cookie config * Use $config['secure_cookies'] to set cookies * Add default option to turn secure cookies on * Fix formatting issues * Set secure cookies to default to false * Add info about secure cookies * Fix formatting * Remove trailing whitespace * move secure cookie default config to defaults.inc.php * Remove trailing whitespace * Fix formatting * Remove empty line by rrd config * Remove whitespace 2017-06-26 09:21:21 -04:00			`When using HTTPS, it is recommended that you use secure, encrypted cookies to prevent session`
			hijacking attacks. Set ``$config['secure_cookies'] = true`` in ``config.php`` to enable these.

doc: Added doc on security and vulnerabilities 2016-10-07 11:21:19 +00:00			`Please ensure you keep your install [up to date](Updating.md).`

			`### Reporting vulnerabilities`
			`Like anyone, we appreciate the work people put in to find flaws in software and welcome anyone`
			`to do so with LibreNMS, this will lead to better quality and more secure software for everyone.`

			`If you think you've found a vulnerability and want to discuss it with some of the core team then`
			`you can email us at [team@librenms.org](team@librenms.org) and we will endeavour to get back to`
			`as quick as we can, this is usually within 24 hours.`

			`We are happy to attribute credit to the findings but we ask that we're given a chance to patch`
			`any vulnerability before public disclosure so that our users can update as soon as a fix is`
security: Enable support for secure cookies (#6868) * Enable secure cookies for authentication Enables secure cookies for authentication when HTTPS is used. * Add line with example secure session cookies * Fix comment line that's too long * Remove session secure cookie config * Added secure cookie config to init.php Commented out because having this enabled will prevent the server from sending cookies over HTTPS. * Enable secure cookies if config value provided * Make code formatting consistent * Remove secure cookie config * Use $config['secure_cookies'] to set cookies * Add default option to turn secure cookies on * Fix formatting issues * Set secure cookies to default to false * Add info about secure cookies * Fix formatting * Remove trailing whitespace * move secure cookie default config to defaults.inc.php * Remove trailing whitespace * Fix formatting * Remove empty line by rrd config * Remove whitespace 2017-06-26 09:21:21 -04:00			`available.`