summaryrefslogtreecommitdiffstats
path: root/docs/netdata-security.md
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2021-12-01 06:15:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2021-12-01 06:15:04 +0000
commite970e0b37b8bd7f246feb3f70c4136418225e434 (patch)
tree0b67c0ca45f56f2f9d9c5c2e725279ecdf52d2eb /docs/netdata-security.md
parentAdding upstream version 1.31.0. (diff)
downloadnetdata-e970e0b37b8bd7f246feb3f70c4136418225e434.tar.xz
netdata-e970e0b37b8bd7f246feb3f70c4136418225e434.zip
Adding upstream version 1.32.0.upstream/1.32.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'docs/netdata-security.md')
-rw-r--r--docs/netdata-security.md8
1 files changed, 4 insertions, 4 deletions
diff --git a/docs/netdata-security.md b/docs/netdata-security.md
index 8c0fc6d63..42dd0415f 100644
--- a/docs/netdata-security.md
+++ b/docs/netdata-security.md
@@ -9,7 +9,7 @@ We have given special attention to all aspects of Netdata, ensuring that everyth
**Table of Contents**
-1. [Your data are safe with Netdata](#your-data-are-safe-with-netdata)
+1. [Your data is safe with Netdata](#your-data-is-safe-with-netdata)
2. [Your systems are safe with Netdata](#your-systems-are-safe-with-netdata)
3. [Netdata is read-only](#netdata-is-read-only)
4. [Netdata viewers authentication](#netdata-viewers-authentication)
@@ -20,13 +20,13 @@ We have given special attention to all aspects of Netdata, ensuring that everyth
\- [Other methods](#other-methods)
5. [Registry or how to not send any information to a third party server](#registry-or-how-to-not-send-any-information-to-a-third-party-server)
-## Your data are safe with Netdata
+## Your data is safe with Netdata
Netdata collects raw data from many sources. For each source, Netdata uses a plugin that connects to the source (or reads the relative files produced by the source), receives raw data and processes them to calculate the metrics shown on Netdata dashboards.
Even if Netdata plugins connect to your database server, or read your application log file to collect raw data, the product of this data collection process is always a number of **chart metadata and metric values** (summarized data for dashboard visualization). All Netdata plugins (internal to the Netdata daemon, and external ones written in any computer language), convert raw data collected into metrics, and only these metrics are stored in Netdata databases, sent to upstream Netdata servers, or archived to external time-series databases.
-> The **raw data** collected by Netdata, do not leave the host they are collected. **The only data Netdata exposes are chart metadata and metric values.**
+> The **raw data** collected by Netdata, does not leave the host when collected. **The only data Netdata exposes are chart metadata and metric values.**
This means that Netdata can safely be used in environments that require the highest level of data isolation (like PCI Level 1).
@@ -133,7 +133,7 @@ to IP addresses within the `160.1.x.x` range and that reverse DNS is setup for t
Use one web server to provide authentication in front of **all your Netdata servers**. So, you will be accessing all your Netdata with URLs like `http://{HOST}/netdata/{NETDATA_HOSTNAME}/` and authentication will be shared among all of them (you will sign-in once for all your servers). Instructions are provided on how to set the proxy configuration to have Netdata run behind [nginx](Running-behind-nginx.md), [Apache](Running-behind-apache.md), [lighttpd](Running-behind-lighttpd.md) and [Caddy](Running-behind-caddy.md).
-To use this method, you should firewall protect all your Netdata servers, so that only the web server IP will allowed to directly access Netdata. To do this, run this on each of your servers (or use your firewall manager):
+To use this method, you should firewall protect all your Netdata servers, so that only the web server IP will be allowed to directly access Netdata. To do this, run this on each of your servers (or use your firewall manager):
```sh
PROXY_IP="1.2.3.4"