6/24/2023 0 Comments Ntopng default account![]() Ntopng uses Redis as a cache for DNS names and other values. This is the netstat output after the changes highlighted in the example above. This is the netstat output when the HTTP and the HTTPS servers are listening on the any addresses. ![]() The any address is indicated with 0.0.0.0. The listening addresses can easily be verified with netstat on unix. For example to change the HTTP server listening address to only 127.0.0.1 and the listening address of the HTTPS server to 192.168.2.222, the following options can be used: -http-port=:3000 Listening address changes are indicated using a couple of ntopng configuration options, namely -http-port for HTTP and -https-port for HTTPS. The listening address can be changed from any to another custom address that can be an IP address of an host interface, or just the loopback address 127.0.0.1. ![]() That does not imply anyone can access the ntopng web GUI - login credentials are required for the GUI - but it is never a good idea to leave a remote web server exposed also to those that should not be entitled to have access to ntopng. This means that anyone who has IP-reachability of the ntopng host can be served with web contents by the server. Ntopng embedded web server listens on any address by default. Generation instruction are available in README.SSL. To disable HTTP and enable HTTPS on port 443 the following options suffice: -http-port=0Įnabling HTTPS ntopng requires ntopng to be able to use a certificate and a private key for the encryption. In production, it is recommended to disable HTTP and only leave HTTPS. Encrypted Web Accessīy default, ntopng runs an HTTP server on port 3000. Here is the list of things required to secure ntopng. Those things include, but are not limited to, enabling an encrypted web access, restricting the web server access, and protecting the Redis server used by ntopng as a cache. Several things are required to secure ntopng and make it enterprise-proof. Therefore, the default configuration should only be used for testing purposes in non-production environments. Such configuration is meant to provide an up-and-running ntopng but does not try to secure it. After a fresh install, ntopng will run using a default, basic configuration.
0 Comments
Leave a Reply. |