MongoDB fork mode default config

Question

im Using v3.4 (Ubuntu 16.04) and Im running it with this command:

mongod --fork --logpath /var/log/mongodb/mongod.log --dbpath /var/lib/mongodb

The weird thing is that with above command mongod service runs on publicly on 0.0.0.0:27107 despite that the default file location /etc/mongod.conf says:

net:
  port: 27017
  bindIp: 127.0.0.1

Now, I know that I'm not explicitly passing config file this param:

mongod --fork --logpath /var/log/mongodb/mongod.log --dbpath /var/lib/mongodb --config /etc/mongod.conf

If I do that, config is fine, but my question is: if I run mongod daemon with no specific config file and its not reading /etc/mongod.conf as default where is the default config that its reading? what are default config parameters? also as default is listening on 0.0.0.0 which a huge security flaw, is this a bug?

Thanks in advance.

Answer 1

I know that I'm not explicitly passing config file this param:

You need to specify --config FILENAME to specify a configuration file for runtime. This is the preferred method over the command-line configuration options. There is no default configuration file that mongod use implicitly. As configuration is optional.

what are default config parameters?

You can see the default values for mongod parameters on the documentation for mongod options.

default is listening on 0.0.0.0 which a huge security flaw, is this a bug?

Starting in MongoDB v3.6+, mongod and mongos bind to localhost by default. Previously, starting in MongoDB 2.6, only the binaries from the official MongoDB RPM (Red Hat, CentOS, Fedora Linux, and derivatives) and DEB (Debian, Ubuntu, and derivatives) packages bind to localhost by default. See also Localhost binding compatibility changes.

I would also suggest to review MongoDB Security Checklist to improve the security measures of your MongoDB deployment.