[tor-relays] Public Munin Graphs: Security Risk?

Andrew Lewman andrew at torproject.is
Tue Jan 29 16:07:05 UTC 2013

On Tue, 29 Jan 2013 16:54:58 +0100
Moritz Bartl <moritz at torservers.net> wrote:

> I finally deployed Munin across our exit nodes. The graphs are
> currently public, and I don't see an obvious reason for not doing
> that. Any objections?

For what it's worth, we do this too, https://munin.torproject.org.
Right now it has a tor-guest account on it to avoid cgi exploits, but
otherwise it has been fine for the past few years.

If someone does exploit a cgi script, they'll get an empty webserver
with copies of munin data. Not the end of the world for us.

Thanks for putting that up Moritz. Others can learn what it takes to
run busy exit relays.

pgp 0x6B4D6475

More information about the tor-relays mailing list