Documentation request
Edit existing content 📝
Which page(s) do you want us to edit?
docs/content/setup/docker.md
What do you think should be changed?
The instructions for setting up Infection Monkey on Docker instruct the user to use the host network driver. The MongoDB server does not use any kind of authentication. Therefore, if the host is not protected by a host-based firewall that limits access to the MongoDB ports, malicious actors on the local network or public internet could modify the contents of the MongoDB instance. See #4296
- Modify the docker installation instructions so that the MongoDB process is only listening on the localhost.
- Verify that there is, indeed, no access control around the MongoDB process.
- Add a caveat to all installation instructions that the Monkey Island is intended to be run on its own host/VM because its Mongo instance is unsecured, but listening only on the local host.
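One way to check the binding described above on a Linux Docker host, as an added example that is not part of the original issue or of the Infection Monkey project: it reads `ss -H -ltn` output and lists every listener on the MongoDB port that is not bound to loopback. The port 27017 (MongoDB's default), the function names and the sample lines are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: flag MongoDB listeners reachable from outside the host.
# Input: lines in the format printed by `ss -H -ltn` (Linux, iproute2).
# Assumption: MongoDB uses its default port 27017; pass another port as $1.

exposed_mongo_listeners() {
    local port="${1:-27017}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next      # not the MongoDB port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)       # strip IPv6 brackets
            sub(/%.*/, "", host)            # strip interface scope suffix
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print addr                      # bound to a non-loopback address
        }'
}

# Returns 0 when every MongoDB listener is loopback-only, 1 otherwise.
check_mongo_binding() {
    local exposed
    exposed="$(exposed_mongo_listeners "$@")"
    if [ -n "$exposed" ]; then
        printf 'MongoDB listening beyond loopback: %s\n' $exposed >&2
        return 1
    fi
    return 0
}

# Constructed sample: two wildcard binds (as with the host network driver
# and no bind restriction), two loopback binds, and an unrelated SSH port.
SAMPLE_SS_OUTPUT='LISTEN 0 4096 0.0.0.0:27017 0.0.0.0:*
LISTEN 0 4096 [::]:27017 [::]:*
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 4096 [::1]:27017 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_mongo_listeners
```

On a live host, run `ss -H -ltn | check_mongo_binding` after starting the containers; a non-zero exit status means the MongoDB port is bound to an address other hosts can reach.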