From 595836500f37e4ac419babc07d0c4f78099be419 Mon Sep 17 00:00:00 2001
From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com>
Date: Sat, 29 Oct 2022 14:45:19 +0200
Subject: [PATCH 1/5] fix: mongodb config file is now automatically enabling access control by default
---
 database/nosql/mongodb/egg-mongo-d-b6.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/database/nosql/mongodb/egg-mongo-d-b6.json b/database/nosql/mongodb/egg-mongo-d-b6.json
index 388adcc9..b14c473a 100644
--- a/database/nosql/mongodb/egg-mongo-d-b6.json
+++ b/database/nosql/mongodb/egg-mongo-d-b6.json
@@ -15,7 +15,7 @@
 "file_denylist": [],
 "startup": "mongod --fork --dbpath \/home\/container\/mongodb\/ --port ${SERVER_PORT} --bind_ip 0.0.0.0 --logpath \/home\/container\/logs\/mongo.log -f \/home\/container\/mongod.conf; until nc -z -v -w5 127.0.0.1 ${SERVER_PORT}; do echo 'Waiting for mongodb connection...'; sleep 5; done; mongosh --username ${MONGO_USER} --password ${MONGO_USER_PASS} --host 127.0.0.1:${SERVER_PORT} && mongosh --eval \"db.getSiblingDB('admin').shutdownServer()\" 127.0.0.1:${SERVER_PORT}",
 "config": {
- "files": "{}",
+ "files": "{\r\n \"mongod.conf\": {\r\n \"parser\": \"file\",\r\n \"find\": {\r\n \"#security:\": \"security: \\r\\n authorization: \\\"enabled\\\"\"\r\n }\r\n }\r\n}",
 "startup": "{\r\n \"done\": \"child process started successfully\"\r\n}",
 "logs": "{}",
 "stop": "exit"
From 0df96b7d45f54065371e4fce4d50107026126aec Mon Sep 17 00:00:00 2001
From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com>
Date: Sat, 29 Oct 2022 14:49:02 +0200
Subject: [PATCH 2/5] chore: changed MongoDB case
---
 README.md | 2 +-
 database/nosql/mongodb/README.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index a41f8b73..0e87aada 100644
--- a/README.md
+++ b/README.md
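Review bot: The new `files` entry only turns authorization on if `mongod.conf` already contains a line starting with `#security:`. As far as I can tell the `file` parser rewrites matching lines and does nothing otherwise, so a config without that placeholder (an existing server, or a file the operator has already edited) would start without access control and without any error, while `startup` still passes `--bind_ip 0.0.0.0`. Since the commit's aim is access control by default, consider enforcing it in `startup` as well by adding `--auth` to the `mongod` invocation, which should not depend on the file's contents. The replacement value also carries `\\r\\n`, which puts a CRLF into the rewritten config; a plain `\\n` would be more consistent, assuming the shipped `mongod.conf` uses LF line endings.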
@@ -74,7 +74,7 @@ If you are reading this it looks like you are looking to add an egg to your serv ### noSQL -* [mongoDB](/database/nosql/mongodb) +* [MongoDB](/database/nosql/mongodb) ### SQL Databases diff --git a/database/nosql/mongodb/README.md b/database/nosql/mongodb/README.md index b72a3a7d..9ae29218 100644 --- a/database/nosql/mongodb/README.md +++ b/database/nosql/mongodb/README.md @@ -1,4 +1,4 @@ -# mongoDB +# MongoDB ## From their [Website](https://www.mongodb.com/) From 04dcb56d9b0cc8b586e0a91e8850f91bce9bd065 Mon Sep 17 00:00:00 2001 From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com> Date: Sat, 29 Oct 2022 15:01:47 +0200 Subject: [PATCH 3/5] docs: updated MongoDB readme to add some notes about security --- database/nosql/mongodb/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/database/nosql/mongodb/README.md b/database/nosql/mongodb/README.md index 9ae29218..931de79b 100644 --- a/database/nosql/mongodb/README.md +++ b/database/nosql/mongodb/README.md 
@@ -8,6 +8,25 @@ MongoDB is a general purpose, document-based, distributed database built for mod To disable the message about free monitoring you can run `db.disableFreeMonitoring()`. +## Security + +By default, MongoDB **does not enforce access control**, meaning that even if you set an admin username and password in the settings of your Pterodactyl server, **anyone will be able to connect to the database without authentication**, and perform any operation. + +> :warning: This is why we recommend to expose your MongoDB database only to your local network, if possible + +### Notes specific to the MongoDB 6 egg + +The [MongoDB 6 egg](./egg-mongo-d-b6.json) enables access control by default in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175) + +### :warning: If you know what you are doing, and you really want to disable access control, you can do so by editing the `mongod.conf` file + +```yaml +security: + authorization: "disabled" +``` + +> To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist) + ## Minimum RAM warning MongoDB requires approximately 1GB of RAM per 100.000 assets. If the system has to start swapping memory to disk, this will have a severely negative impact on performance, and should be avoided. From aacf078812ed50566024e1fa022006043aa2360b Mon Sep 17 00:00:00 2001 From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com> Date: Sat, 29 Oct 2022 15:13:01 +0200 Subject: [PATCH 4/5] docs: improved readability for MongoDB readme --- database/nosql/mongodb/README.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/database/nosql/mongodb/README.md b/database/nosql/mongodb/README.md index 931de79b..4dcf9797 100644 
--- a/database/nosql/mongodb/README.md
+++ b/database/nosql/mongodb/README.md
@@ -14,19 +14,30 @@ By default, MongoDB **does not enforce access control**, meaning that even if yo > :warning: This is why we recommend to expose your MongoDB database only to your local network, if possible +### Enabling authentication + +To enable authentification, you need to edit the following lines to your `mongod.conf` file: + +```yaml +security: + authorization: "enabled" +``` + +> :closed_lock_with_key: To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist) + ### Notes specific to the MongoDB 6 egg -The [MongoDB 6 egg](./egg-mongo-d-b6.json) enables access control by default in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175) +**The [MongoDB 6 egg](./egg-mongo-d-b6.json) enables access control by default** in the `mongod.conf` file, meaning that even if people will be able to connect to your database as guests, [they will not be able to perform any operation, apart from nonhazardous commands](https://dba.stackexchange.com/a/292175) -### :warning: If you know what you are doing, and you really want to disable access control, you can do so by editing the `mongod.conf` file +### Disabling authentication + +**If you know what you are doing** and want to explicitly disable access control, you can edit the following lines to your `mongod.conf` file: ```yaml security: authorization: "disabled" ``` -> To learn more about MongoDB security, you can read the [MongoDB Security Checklist](https://www.mongodb.com/docs/manual/administration/security-checklist/#security-checklist) - ## Minimum RAM warning MongoDB requires approximately 1GB of RAM per 100.000 assets. 
If the system has to start swapping memory to disk, this will have a severely negative impact on performance, and should be avoided. From f94c6e4bbf07c841b9a3b24548574268568f644c Mon Sep 17 00:00:00 2001 From: MAXOUXAX <24844231+MAXOUXAX@users.noreply.github.com> Date: Mon, 31 Oct 2022 18:26:27 +0100 Subject: [PATCH 5/5] chore: changed exported_at property --- database/nosql/mongodb/egg-mongo-d-b6.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database/nosql/mongodb/egg-mongo-d-b6.json b/database/nosql/mongodb/egg-mongo-d-b6.json index b14c473a..96c8e9b7 100644 --- a/database/nosql/mongodb/egg-mongo-d-b6.json +++ b/database/nosql/mongodb/egg-mongo-d-b6.json @@ -4,7 +4,7 @@ "version": "PTDL_v2", "update_url": null }, - "exported_at": "2022-09-27T08:58:45-04:00", + "exported_at": "2022-10-31T17:26:13+00:00", "name": "MongoDB 6", "author": "parker@parkervcp.com", "description": "MongoDB is a general purpose, document-based, distributed database built for modern application developers and for my butt era.",