Description
Don's email on 12/13 Re: Security considerations to be included in docs below:
Thank you Artem for the feedback!
I’ll make sure we make these updates in 4.x and 4.6.
Regards,
Don Pinto
Product Management
don@couchbase.com
1.647.839.7876
From: Artem Stemkovski <astemkov@gmail.com>
Date: Monday, December 12, 2016 at 5:54 PM
To: Don Pinto <don@couchbase.com>
Cc: Mike Wiederhold <mike@couchbase.com>, Dave Finlay <dave.finlay@couchbase.com>, Aliaksey Artamonau <aliaksiej.artamonau@gmail.com>
Subject: Security considerations to be included in docs
Hi Don,
I found that firewalls are somewhat covered here: http://developer.couchbase.com/documentation/server/4.1/security/security-intro.html
But for some reason without concrete port numbers.
So here's what I think should be spelled out in the documentation:
In order to keep couchbase server secure ypu need:
1. Setup firewall to block epmd port 4369 from access outside of cluster network
2. Setup firewall to block erlang ports from access outside of cluster network. These ports are configurable. In our default installation they are: 21100-21299
3. Restrict read and write access to the following directories:
For linux:
/opt/couchbase
For Mac OS:
/Users/<user>/Library/Application Support/Couchbase/var/lib/couchbase
/Applications/Couchbase\ Server.app/Contents/Resources/couchbase-core
For Win (assuming default install location):
C:\Program Files\Couchbase Server\
Basically it means not to give anyone passwords to root and the user under which couchbase is installed.
4. Keep Administrator password secure
Thanks,
Artem
P.S.
Example of security recomendations page that I sent to you in July:
https://docs.ejabberd.im/admin/guide/security[mailto:mail@example.com]