Of course, besides a good secret, there are two other options:

1) Use your firewall

Especially outside access to port 4369
Always good to block ports that should not be accessed by
random Internet users …

2) Let epmd only listen on 127.0.0.1

Before starting Zotonic set:

export ERL_EPMD_ADDRESS=127.0.0.1

And in the erlang.config file add:

{kernel, [
    {inet_dist_use_interface,{127,0,0,1}}
 ]}


3) Disable erlang distribution

Before starting Zotonic set:

export ZOTONIC_DISTRIBUTED=false


Didn’t try the last two yet, so I welcome instructions to include
in the Zotonic documentation :)


Cheers, Marc


> On 5 Oct 2017, at 21:48, Marc Worrell <mworr...@me.com> wrote:
> 
> Hi,
> 
> Erlang has built-in distribution, which is secured by a secret cookie.
> There has been some discussion about the possibility of brute-forcing this
> cookie.
> 
> Looking at the cookie generation code we are of the opinion that there is not
> enough entropy.
> 
> That is why we advise strongly to use a different cookie than the one
> generated by Erlang.
> 
> For this we have a simple script that you might run from the Zotonic/Erlang
> shell.
> 
> The script replaces the content of the “.erlang.cookie” file in the Zotonic
> home directory and then sets the cookie of the running system to the newly
> generated cookie.
> 
> First connect with your Erlang shell:
> 
> $ bin/zotonic shell
> 
> Then run the following (assuming you have a Unix-like system):
> 
> begin
> Cookie = base64:encode(crypto:strong_rand_bytes(30)),
> F = filename:join(os:getenv("HOME"), ".erlang.cookie"),
> CurrCookie = atom_to_binary(erlang:get_cookie(), utf8),
> {ok, CurrCookie} = file:read_file(F),
> ok = file:change_mode(F, 8#600),
> ok = file:write_file(F, Cookie),
> erlang:set_cookie(node(), binary_to_atom(Cookie, utf8)),
> ok = file:change_mode(F, 8#400),
> binary_to_atom(Cookie, utf8)
> end.
> 
> If the above doesn’t work, then you can do it manually:
> 
> 1. Find the “.erlang.cookie” file in your Zotonic home directory.
> 2. Stop Zotonic
> 3. Replace the contents of the file
> 4. Start Zotonic.
> 
> 
> Kind regards,
> 
> Marc
> 
> 
> 
> -- 
> 
> --- 
> You received this message because you are subscribed to the Google Groups 
> "Zotonic users" group.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"Zotonic developers" group.
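
Added example, not part of Marc's messages or of Zotonic's own code: a shell check that the measures above took effect, reporting epmd (port 4369) listeners that are not on loopback and testing the cookie file. It assumes `ss -ltnH` style input, the 0400 mode the script in the thread sets, and a 40-character minimum (the length of base64 over 30 random bytes); the sample socket lines are constructed.

```sh
#!/bin/sh
# Added example: audit the hardening steps discussed in this thread.

# Print listeners on the epmd port (4369) that are NOT bound to loopback.
# Input on stdin: `ss -ltnH` lines (State Recv-Q Send-Q Local Peer).
epmd_exposed() {
    awk '{
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "4369") next
        if (host ~ /^127\./ || host == "[::1]") next
        print addr
    }'
}

# Succeed only if the cookie file is owner-read-only (mode 0400, as the
# script in the thread leaves it) and holds at least 40 characters
# (assumption: the length of base64 over 30 random bytes).
cookie_ok() {
    f=$1
    [ -f "$f" ] || return 2
    mode=$(ls -ld "$f" | cut -c1-10)
    len=$(( $(tr -d '\n' < "$f" | wc -c) ))
    [ "$mode" = "-r--------" ] && [ "$len" -ge 40 ]
}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:4369 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4369 0.0.0.0:*
LISTEN 0 128 [::]:4369 [::]:*
LISTEN 0 128 [::1]:4369 [::]:*
LISTEN 0 128 0.0.0.0:8000 0.0.0.0:*'

echo "epmd listeners reachable from other hosts:"
printf '%s\n' "$SAMPLE_SS" | epmd_exposed
# On a live host: ss -ltnH | epmd_exposed
#                 cookie_ok "$HOME/.erlang.cookie" || echo "fix cookie"
```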