I am experimenting with a distributed monitoring setup where the icinga agent connects to a master.
This is a common use-case as the node setup scripts specifically asks for it:
Establish connection to the parent node? Yes.
What I found is that the ApiListener feature will still open a listening socket on 0.0.0.0:5665 for no reasons.
As a security hardening feature, I would like to be able to disable this completely.
- Setting bind_host to null does not work.
- The best we can do is set bind_host to localhost to reduce the attack surface.
I am experimenting with a distributed monitoring setup where the icinga agent connects to a master.
This is a common use-case as the node setup scripts specifically asks for it:
What I found is that the ApiListener feature will still open a listening socket on 0.0.0.0:5665 for no reasons.
As a security hardening feature, I would like to be able to disable this completely.