Node_exporter on user root

[coreIn 3d]

Hi 

I have a server with with node exporter . Currently node exporter use a specific user but it can't access on /proc and /sys because i have a kernel with grsecurity . I Can t use an other kernel for any reason. I want excute node exporter on Root and expose metrics on 127.0.0.1:9100 with auth. And use exporter_exporter as proxy on public IP with TLS and auth. 

IS there a risk of sécurity?

Have you an other Idea ?

Thanks

[Brian Candler]

If your kernel requires you to run node_exporter as root, and you have no way of configuring policy to allow access to /proc and /sys, then I guess you don't really have any option.

I use exporter_exporter in front for TLS termination and certificate authentication, and it works fine.  I believe node_exporter 1.3.x can do its own TLS and auth via --web.config, but exposing a root-running process directly doesn't sound like a great idea.