mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
06b85f5b07
* clean 1-Minute-Polling.md formatting * cleanup formatting for Adding-a-Device.md * clean up formatting of Cleanup-options.md * cleanup formatting some for CLI-Tools.md * cleanup formatting for Syslog.md and Configuration.md * cleanup formatting for Device-Sensors.md * cleanup formatting for Device-Troubleshooting.md * cleanup Discovery Support.md * cleanup Environment-Variables.md * cleanup Example-Hardware-Setup.md and FAQ.mg * update Features.md, Install Validation.md, Perfermance.md, Poller Support.md, and index.md * cleanup Remote-Monitoring-VPN.md, SNMP-Configuration-Examples.md, and SSL-Configuration.md * lots of updates for Installation docs * more installation doc cleanup * more formatting cleanup * clean Work-Map.md up some
36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
source: General/Security.md
|
|
path: blob/master/doc/
|
|
|
|
# General
|
|
|
|
Like any good software we take security seriously. However, bugs do
|
|
make it into the software along with the history of the code base we
|
|
inherited. It's how we deal with identified vulnerabilities that
|
|
should show that we take things seriously.
|
|
|
|
# Securing your install
|
|
|
|
As with any system of this nature, we highly recommend that you
|
|
restrict access to the install via a firewall or VPN.
|
|
|
|
It is also highly recommended that the Web interface is protected with
|
|
an SSL certificate such as ones provided by [LetsEncrypt](http://www.letsencrypt.org).
|
|
|
|
Please ensure you keep your install [up to date](Updating.md).
|
|
|
|
# Reporting vulnerabilities
|
|
|
|
Like anyone, we appreciate the work people put in to find flaws in
|
|
software and welcome anyone to do so with LibreNMS, this will lead to
|
|
better quality and more secure software for everyone.
|
|
|
|
If you think you've found a vulnerability and want to discuss it with
|
|
some of the core team then you can email us at
|
|
[team@librenms.org](mailto:team@librenms.org) and we will endeavour to
|
|
get back to as quick as we can, this is usually within 24 hours.
|
|
|
|
We are happy to attribute credit to the findings but we ask that we're
|
|
given a chance to patch any vulnerability before public disclosure so
|
|
that our users can update as soon as a fix is available.
|
|
|