HPE Community
HPE 3PAR StoreServ Storage
1753819 Members
8854 Online
108805 Solutions
New Discussion

3PAR quorum couchdb security

 
ottow
Visitor

‎11-19-2018 08:13 AM

‎11-19-2018 08:13 AM

3PAR quorum couchdb security

Hello all,

Have someone experiance with the security on the couchdb which is used on the quorum server. Is it possible to add a security password on it, to prevent a non password connection. Or is it used by the controllers to communicate, in a peer persistance configuration.

Normally it is a way that can be used to check if it's running:

curl http://10.0.10.1:8080

with response: {"couchdb":"Welcome","version":"1.0.4"}

With regards,

Otto

0 Kudos
Reply
1 REPLY 1
Paulpd
HPE Pro

‎11-30-2018 01:42 AM

‎11-30-2018 01:42 AM

Re: 3PAR quorum couchdb security

This is security volunerability issue. Which would be fixed in the next release of Quorum Witness which would be expected to release next year ( 2019). As of now we have below available action plan as a workaround ;

  1. Add new firewall rules to allow access to port 8080 from the 3PAR arrays allowed access to the Quorum Witness and to block access to all others.

iptables -I INPUT 1 -p tcp –dport 8080 -s <ip-addr-array1> -j ACCEPT

iptables -I INPUT 2 -p tcp –dport 8080 -s <ip-addr-array2> -j ACCEPT

<add rules for additional 3PAR arrays sharing the quorum witness> iptables -I INPUT 3 -p tcp –dport 8080 -j DROP

  1. Save the firewall rules:

/etc/init.d/iptables save

  1. Restart the firewall with the newly saved rules:

/etc/init.d/iptables restart

  1. Verify that the rules are as expected (the 3 news rules are at the top).

iptables -L

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.