It is recommended to enable local Linux firewall on the host. The newbIT TSA Ansible playbook can manage the required communication port for the solution on your local system.
Please read in the Ansible configuration section how to enable local firewall configuration for the TSA: System firewall
For details information about the required Firewall rule, read in the Requirements section chapter Required Ports for nTSA
It is recommended to enable authentication to keep any unauthorized individuals from accessing your data. Please read in the Ansible configuration section how to enable authehtification for InfluxDB: InfluxDB enable authentication.
Managing users and permissions
The newbIT TSA creates by default for each component, which needs to access InfluxDB an own user account in InfluxDB. Please read in the ansible configuration section how to configure does users: InfluxDB users
For additional users check the official InfluxDB documentation: Set up authentication
Enabling HTTPS to secure the communication between InfluxDB and clients.
Please read the original documentation from Grafana to get detail information about Grafana roles and permissions http://docs.grafana.org/administration/permissions/
The newbIT TSA use only Docker images from trust source (Vendor), and if available only images of the offical Docker Repository on the Docker Hub. Offical images are scanned using Docker Cloud’s Security Scanning service. The results of security scanner get published, for each image version (Tag) in the Docker Hub, and provides you details about which layers in the image and which components within the layer are vulnerable. Each individual vulnerable of the image includes details with a link to the official CVE report.
The security scan reports are only available once you login, we encourage you to create for your organization at leased on Docker Hub account.
For generall Docker engine security please read the official Docker documentation:https://docs.docker.com/engine/security/security/