stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chris snow <chsnow...@gmail.com>
Subject agent security
Date Mon, 19 May 2014 10:50:42 GMT
hi Devs,

Does an agent authenticate itself to Stratos?  If not, is it possible
that an agent could write spoofed events to the MB?

It also looks like the agent has access to the bam admin user name and
password [1]:

            -Dmonitoring.server.port=<%= @bam_port %>
            -Dmonitoring.server.secure.port=<%= @bam_secure_port %>
            -Dmonitoring.server.admin.username=<%= @bam_username %>
            -Dmonitoring.server.admin.password=<%= @bam_password %>

What damage could someone (e.g. a tenant) do with possession of those
credentials?

Many thanks,

Chris


---
[1] https://github.com/apache/incubator-stratos/blob/master/tools/puppet3/modules/agent/templates/bin/stratos.sh.erb

Mime
View raw message