[tor-bugs] #29863 [Obfuscation/Snowflake]: Add disk space monitoring for snowflake infrastructure

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 25 01:06:50 UTC 2019


#29863: Add disk space monitoring for snowflake infrastructure
-----------------------------------+-----------------------------
 Reporter:  cohosh                 |          Owner:  (none)
     Type:  task                   |         Status:  merge_ready
 Priority:  Medium                 |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:  snowflake              |  Actual Points:
Parent ID:  #30152                 |         Points:
 Reviewer:                         |        Sponsor:  Sponsor19
-----------------------------------+-----------------------------
Changes (by dcf):

 * status:  needs_review => merge_ready


Comment:

 Replying to [comment:13 cohosh]:
 > I edited /etc/init.d/prometheus-node-exporter and
 > /etc/default/prometheus-node-exporter to add the following line:
 > {{{
 > ARGS="--no-collector.arp --no-collector.bcache --no-collector.bonding --no-collector.conntrack --no-collector.cpu --no-collector.edac --no-collector.entropy --no-collector.filefd --no-collector.hwmon --no-collector.infiniband --no-collector.ipvs --no-collector.loadavg --no-collector.mdadm --no-collector.meminfo --no-collector.netclass --no-collector.netdev --no-collector.netstat --no-collector.nfs --no-collector.nfsd --no-collector.sockstat --no-collector.stat --no-collector.textfile --no-collector.timex --no-collector.uname --no-collector.vmstat --no-collector.xfs --no-collector.zfs"
 > }}}

 Okay. The measurements in comment:22 look ok to export, even if they get
 accidentally disclosed. I'm thinking it's prudent to keep the IP address
 authentication for port 9100, to mitigate against potential
 vulnerabilities in prometheus-node-exporter itself.

 It's probably better not to modify /etc/init.d/prometheus-node-exporter
 because that will cause a conflict when upgrading. It looks to me like
 /etc/default/prometheus-node-exporter is the right place and is
 sufficient.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29863#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

