3PAR StoreServ Storage

3PAR quorum couchdb security

 
ottow
Visitor

3PAR quorum couchdb security

Hello all,

Does anyone have experience with the security of the CouchDB that is used on the quorum server? Is it possible to add a password to it, to prevent connections without a password? Or is it used by the controllers to communicate in a Peer Persistence configuration?

Normally it is a way that can be used to check if it's running:

curl http://10.0.10.1:8080

with response: {"couchdb":"Welcome","version":"1.0.4"}

With regards,

Otto

Paulpd
HPE Pro

Re: 3PAR quorum couchdb security

This is a security vulnerability issue, which would be fixed in the next release of Quorum Witness, which is expected to be released next year (2019). As of now we have the below action plan available as a workaround:

  1. Add new firewall rules to allow access to port 8080 from the 3PAR arrays allowed access to the Quorum Witness and to block access to all others.

iptables -I INPUT 1 -p tcp --dport 8080 -s <ip-addr-array1> -j ACCEPT

iptables -I INPUT 2 -p tcp --dport 8080 -s <ip-addr-array2> -j ACCEPT

<add rules for additional 3PAR arrays sharing the quorum witness>

iptables -I INPUT 3 -p tcp --dport 8080 -j DROP

  2. Save the firewall rules:

/etc/init.d/iptables save

  3. Restart the firewall with the newly saved rules:

/etc/init.d/iptables restart

  4. Verify that the rules are as expected (the 3 new rules are at the top).

iptables -L
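
The verification in the last step can be scripted. The following is an added example, not part of the original reply and not HPE tooling: it parses `iptables -S INPUT` output and confirms the ordering the workaround depends on. The function name `check_qw_rules` and the 192.0.2.x addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not HPE code). Reads `iptables -S INPUT` output on stdin and
# checks it against the workaround: each array IP given as an argument has a
# tcp/8080 ACCEPT ahead of a catch-all tcp/8080 DROP, and no other source does.
check_qw_rules() {
    awk -v allowed="$*" '
    BEGIN { n = split(allowed, want, " "); for (k = 1; k <= n; k++) ok[want[k]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; proto = ""; port = ""; tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        # Only tcp/8080 rules matter, and only until the catch-all DROP is reached.
        if (proto != "tcp" || port != "8080" || drop) next
        sub(/\/32$/, "", src)              # iptables -S prints hosts as a.b.c.d/32
        if (tgt == "DROP" && src == "") drop = 1
        else if (tgt == "ACCEPT" && (src in ok)) seen[src] = 1
        else if (tgt == "ACCEPT") {
            print "unexpected ACCEPT on 8080 from: " (src == "" ? "any" : src); bad = 1
        }
    }
    END {
        if (!drop) { print "no catch-all DROP for tcp/8080"; bad = 1 }
        for (k = 1; k <= n; k++)
            if (!(want[k] in seen)) { print "no ACCEPT before the DROP for " want[k]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample; 192.0.2.x stand in for the 3PAR array addresses.
SAMPLE='-P INPUT ACCEPT
-A INPUT -s 192.0.2.11/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.0.2.12/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP'
printf '%s\n' "$SAMPLE" | check_qw_rules 192.0.2.11 192.0.2.12 && echo "8080 rules OK"
# On the Quorum Witness host:
#   iptables -S INPUT | check_qw_rules <ip-addr-array1> <ip-addr-array2>
```

The check only looks at INPUT rules that name tcp port 8080; a broader ACCEPT rule placed earlier in the chain is not evaluated and still needs a manual review.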