archive/netdata_netdata
0
0
Fork 0
mirror of https://github.com/netdata/netdata.git synced 2025-04-28 06:32:30 +00:00
Code Issues Projects Releases Wiki Activity

Fixed formatting issues. ()

Browse source 
Fixed the indentation of the nested list in the security topic.
This commit is contained in:
Tina Luedtke 2021-12-13 10:08:15 +00:00 committed by GitHub
parent 696f7a9b4e
commit 7dba9ad16f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 6 deletions

12
docs/netdata-security.md
View file

@ -13,11 +13,11 @@ We have given special attention to all aspects of Netdata, ensuring that everyth
2. [Your systems are safe with Netdata](#your-systems-are-safe-with-netdata)
3. [Netdata is read-only](#netdata-is-read-only)
4. [Netdata viewers authentication](#netdata-viewers-authentication)
- [Why Netdata should be protected](#why-netdata-should-be-protected)
- [Protect Netdata from the internet](#protect-netdata-from-the-internet)
\- [Expose Netdata only in a private LAN](#expose-netdata-only-in-a-private-lan)
\- [Use an authenticating web server in proxy mode](#use-an-authenticating-web-server-in-proxy-mode)
\- [Other methods](#other-methods)
* [Why Netdata should be protected](#why-netdata-should-be-protected)
* [Protect Netdata from the internet](#protect-netdata-from-the-internet)
* [Expose Netdata only in a private LAN](#expose-netdata-only-in-a-private-lan)
* [Use an authenticating web server in proxy mode](#use-an-authenticating-web-server-in-proxy-mode)
* [Other methods](#other-methods)
5. [Registry or how to not send any information to a third party server](#registry-or-how-to-not-send-any-information-to-a-third-party-server)
## Your data is safe with Netdata
@ -34,7 +34,7 @@ This means that Netdata can safely be used in environments that require the high
We are very proud that **the Netdata daemon runs as a normal system user, without any special privileges**. This is quite an achievement for a monitoring system that collects all kinds of system and application metrics.
There are a few cases however that raw source data are only exposed to processes with escalated privileges. To support these cases, Netdata attempts to minimize and completely isolate the code that runs with escalated privileges.
There are a few cases, however, that raw source data are only exposed to processes with escalated privileges. To support these cases, Netdata attempts to minimize and completely isolate the code that runs with escalated privileges.
So, Netdata **plugins**, even those running with escalated capabilities or privileges, perform a **hard coded data collection job**. They do not accept commands from Netdata. The communication is strictly **unidirectional**: from the plugin towards the Netdata daemon. The original application data collected by each plugin do not leave the process they are collected, are not saved and are not transferred to the Netdata daemon. The communication from the plugins to the Netdata daemon includes only chart metadata and processed metric values.