RRDtool typically runs as part of monitoring stacks and writes local time-series files.
¶ File and Process Security
- Restrict access to
.rrd files and graph output directories.
- Run graph/update jobs under non-root service users.
- Protect command wrappers from user-controlled input.
- Validate data sources feeding RRDtool scripts.
- Isolate web graph viewers behind auth if exposed.
- Monitor for unexpected file growth or corruption.