- Restrict web UI access to trusted admin networks.
- Use HTTPS and authentication for the web interface.
- Restrict the munin-node port (4949/tcp) to the Munin master only.
- Use stunnel for TLS encryption of node traffic.
Authentication and Access
- Enable HTTP authentication for the web interface.
- Restrict allowed hosts in munin-node.conf.
- Use SSH keys for SSH-based node access.
- Limit plugin execution to authorized users.
- Only enable necessary plugins.
- Review custom plugin code for security issues.
- Avoid running plugins as root when not needed.
- Secure plugin credentials in protected files.
- Protect RRD files with restrictive permissions.
- Secure configuration files (chmod 640).
- Use encrypted storage for sensitive data.
- Back up configuration and RRD data regularly.
- Run munin and munin-node as dedicated users.
- Keep Munin and plugins updated.
- Configure log rotation for munin logs.
- Monitor munin itself with external checks.
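
An added example, not part of the original checklist or Munin's own code: a small Python audit for the "Restrict allowed hosts in munin-node.conf" and "Secure configuration files (chmod 640)" items. The sample configuration is constructed, and the function names audit_directives and audit_file are hypothetical.

```python
import os
import re
import stat

# Constructed sample for illustration; 192.0.2.0/24 is a documentation range.
SAMPLE_CONF = r"""
host *
port 4949
allow ^127\.0\.0\.1$
allow 192.0.2.10          # unanchored, dots unescaped
cidr_allow 0.0.0.0/0      # matches every IPv4 address
"""

UNESCAPED_DOT = re.compile(r"(?<!\\)\.")

def audit_directives(text):
    """Return (line_number, message) findings for the access-control directives."""
    findings, acl_seen = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()  # drop comments, split key/value
        if len(parts) < 2:
            continue
        key, value = parts[0], parts[1]
        if key == "allow":  # value is a regex matched against the peer address
            acl_seen = True
            if not (value.startswith("^") and value.endswith("$")):
                findings.append((n, f"allow regex {value!r} is not anchored with ^ and $"))
            if UNESCAPED_DOT.search(value):
                findings.append((n, f"allow regex {value!r} has an unescaped '.', which matches any character"))
        elif key == "cidr_allow":
            acl_seen = True
            if value.endswith("/0"):
                findings.append((n, f"cidr_allow {value} admits every address"))
    if not acl_seen:
        findings.append((0, "no allow or cidr_allow directive found"))
    return findings

def audit_file(path):
    """Audit a munin-node.conf on disk: permission bits, then directives."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & ~0o640:  # any bit set beyond rw-r-----
        findings.append((0, f"mode {mode:o} grants more than 640"))
    with open(path) as fh:
        return findings + audit_directives(fh.read())

if __name__ == "__main__":
    for line_no, message in audit_directives(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

An intentional wildcard in an allow regex is also reported by the unescaped-dot check, so treat that finding as a prompt to review the pattern.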