Hide your Grafana version for unauthenticated users
Security through obscurity is discouraged by most people, but it should also never be ignored in my opinion. As a first step for Grafana, we can hide our version for anonymous users at the login screen.
Just add the following line to the [auth.anonymous]
section in your grafana.ini
:
# hide the grafana version for anonymous users
hide_version = true
When done, it should look similar to this:
[auth.anonymous]
# enable anonymous access
enabled = true
# specify organization name that should be used for unauthenticated users
org_name = Main Org.
# specify role for unauthenticated users
org_role = Viewer
# hide the grafana version for anonymous users
hide_version = true
Save the file and restart your Grafana server.
sudo service grafana-server restart
No comments yet.