How safe is Cacti?
Moderators: Developers, Moderators
How safe is Cacti?
I'm pretty new to tools like this and IT in general so I'm looking to get started by having a full overview of my network, which this tool seems perfect for. If I use features such as sending me an email alert when a particular device connects to the network, or looking at the requirements "Cacti requires MySQL, PHP, RRDTool, net-snmp, and a webserver that supports PHP such as Apache or IIS." it has me wondering if there is any risk of outside access to my network if I use Cacti, particularly the webserver part. Does anyone have any advice on the security of Cacti or how to make it more secure if it is even needed?
-
TheWitness
- Developer
- Posts: 17061
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: How safe is Cacti?
It's safe, but I would not run it on Windows. Maybe a Linux VM on Windows, but not Windows.
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Re: How safe is Cacti?
Like any LAMP server, you have to secure it.
Good password, firewall configuration in front of it.
use snmp V3 as mutch as possible.
Https on the web server
Good security on the DB, Cacti is a user like any other no more right than necessary.
And you will be fine
Good password, firewall configuration in front of it.
use snmp V3 as mutch as possible.
Https on the web server
Good security on the DB, Cacti is a user like any other no more right than necessary.
And you will be fine
Test
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
Almalinux
php 8.2.14
mariadb 10.6.16
Cacti 1.2.27
Spine 1.2.27
RRD 1.7.2
thold 1.8
monitor 2.5
syslog 3.2
flowview: 3.3
weathermap 1.0 Beta
Who is online
Users browsing this forum: No registered users and 6 guests