Of course, besides a good secret, there are two other options:

1) Use your firewall

   Especially outside access to port 4369
   Always good to block ports that should not be accessed by
   random Internet users …

2) Let epmd only listen on 127.0.0.1

   Before starting Zotonic set:

       export ERL_EPMD_ADDRESS=127.0.0.1

   And in the erlang.config file add:

       {kernel, [
           {inet_dist_use_interface,{127,0,0,1}}
       ]}

3) Disable erlang distribution

   Before starting Zotonic set:

       export ZOTONIC_DISTRIBUTED=false

Didn’t try the last two yet, so I welcome instructions to include
in the Zotonic documentation :)

Cheers, Marc
> On 5 Oct 2017, at 21:48, Marc Worrell <[email protected]> wrote:
>
> Hi,
>
> Erlang has built-in distribution, which is secured by a secret cookie.
> There has been some discussion about the possibility of brute-forcing this
> cookie.
>
> Looking at the cookie generation code we are of the opinion that there is not
> enough entropy.
>
> That is why we strongly advise using a different cookie than the one
> generated by Erlang.
>
> For this we have a simple script that you might run from the Zotonic/Erlang
> shell.
>
> The script replaces the content of the “.erlang.cookie” file in the Zotonic
> home directory and then sets the cookie of the running system to the newly
> generated cookie.
>
> First connect with your Erlang shell:
>
> $ bin/zotonic shell
>
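> Then run the following (assuming you have a Unix-like system):
>
> begin
>     %% 30 random bytes from the crypto module, base64-encoded (40 characters).
>     Cookie = base64:encode(crypto:strong_rand_bytes(30)),
>     F = filename:join(os:getenv("HOME"), ".erlang.cookie"),
>     %% The file must hold exactly the running node's cookie, else badmatch.
>     CurrCookie = atom_to_binary(erlang:get_cookie(), utf8),
>     {ok, CurrCookie} = file:read_file(F),
>     %% Make the file writable by its owner, replace it, switch the node over.
>     ok = file:change_mode(F, 8#600),
>     ok = file:write_file(F, Cookie),
>     erlang:set_cookie(node(), binary_to_atom(Cookie, utf8)),
>     %% Back to read-only for the owner.
>     ok = file:change_mode(F, 8#400),
>     binary_to_atom(Cookie, utf8)
> end.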
>
> If the above doesn’t work, then you can do it manually:
>
> 1. Find the “.erlang.cookie” file in your Zotonic home directory.
> 2. Stop Zotonic
> 3. Replace the contents of the file
> 4. Start Zotonic.
>
>
> Kind regards,
>
> Marc
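
A check for options 1 and 2 from the reply at the top of this thread, added here and not part of the original messages: it reads a listener table in the format of `ss -ltn` and reports any listener on port 4369 that is not bound to a loopback address. The function names and the sample listener tables are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag epmd listeners reachable off-host.

EPMD_PORT=4369   # epmd port named in the reply above

# Print each non-loopback local address:port on which EPMD_PORT is listening.
exposed_epmd_listeners() {
    awk -v port="$EPMD_PORT" '
        $1 != "LISTEN" { next }            # also skips the header line
        {
            laddr = $4
            n = split(laddr, parts, ":")
            if (parts[n] != port) next
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)          # drop an interface scope such as %lo
            if (addr ~ /^127\./ || addr == "[::1]") next
            print laddr
        }'
}

# Exit status 0 when epmd is loopback-only or absent, 1 when it is exposed.
check_epmd() {
    exposed=$(exposed_epmd_listeners)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed" | sed 's/^/epmd reachable on: /'
    return 1
}

# Constructed sample: epmd bound to all interfaces.
sample_default() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:4369       0.0.0.0:*
LISTEN 0      128    [::]:4369          [::]:*
LISTEN 0      128    0.0.0.0:8000       0.0.0.0:*
EOF
}

# Constructed sample: epmd bound to loopback only (ERL_EPMD_ADDRESS=127.0.0.1).
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4369     0.0.0.0:*
LISTEN 0      128    [::1]:4369         [::]:*
LISTEN 0      128    0.0.0.0:8000       0.0.0.0:*
EOF
}
```

On a host, pipe the live table in with `ss -ltn | check_epmd`; a non-zero exit status means epmd accepts connections on a non-loopback address.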