mirror of https://github.com/zulip/zulip.git
a5496f4098
The RabbitMQ docs state ([1]):

> RabbitMQ nodes and CLI tools (e.g. rabbitmqctl) use a cookie to determine whether they are allowed to communicate with each other. [...] The cookie is just a string of alphanumeric characters up to 255 characters in size. It is usually stored in a local file.

...and goes on to state (emphasis ours):

> If the file does not exist, Erlang VM will try to create one with a randomly generated value when the RabbitMQ server starts up. Using such generated cookie files are **appropriate in development environments only.**

The auto-generated cookie does not use cryptographic sources of randomness, and generates 20 characters of `[A-Z]`. Because of a semi-predictable seed, the entropy of this password is thus less than the idealized 26^20 = 94 bits of entropy; in actuality, it is 36 bits of entropy, or potentially as low as 20 if the performance of the server is known.

These sizes are well within the scope of remote brute-force attacks.

On provision, install, and upgrade, replace the default insecure 20-character Erlang cookie with a cryptographically secure 255-character string (the max length allowed).

[1] https://www.rabbitmq.com/clustering.html#erlang-cookie

- lib
- nagios
- setup
- README.md
- __init__.py
- get-django-setting
- purge-old-deployments
- refresh-sharding-and-restart
- restart-server
- start-server
- stop-server
- upgrade-zulip
- upgrade-zulip-from-git
- zulip-puppet-apply

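
The cookie replacement described in the commit message above could look like the following. This is an added example, not Zulip's own code; the function names and the caller-supplied cookie path are assumptions. It flags a cookie with the auto-generated shape (20 characters of `[A-Z]`) and swaps in a 255-character alphanumeric one drawn from the OS CSPRNG.

```python
import math
import os
import re
import secrets
import string
import tempfile

# Shape of the auto-generated cookie per the commit message: 20 chars of [A-Z].
DEFAULT_COOKIE_RE = re.compile(r"[A-Z]{20}")
COOKIE_ALPHABET = string.ascii_letters + string.digits  # alphanumeric only
MAX_COOKIE_LEN = 255  # maximum cookie length stated in the RabbitMQ docs


def looks_auto_generated(cookie: str) -> bool:
    """True if the cookie has the shape of the weak default."""
    return DEFAULT_COOKIE_RE.fullmatch(cookie.strip()) is not None


def new_cookie(length: int = MAX_COOKIE_LEN) -> str:
    """Build a cookie from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(COOKIE_ALPHABET) for _ in range(length))


def ideal_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy; only reached with a uniform CSPRNG."""
    return length * math.log2(alphabet_size)


def replace_if_weak(path: str) -> bool:
    """Rewrite the cookie at `path` (hypothetical, caller-supplied) when it is
    missing, empty, or default-shaped. Returns True if it was replaced."""
    try:
        with open(path) as f:
            current = f.read().strip()
    except FileNotFoundError:
        current = ""
    if current and not looks_auto_generated(current):
        return False
    # mkstemp creates the file 0600, so the secret is never world-readable;
    # os.replace then swaps it into place atomically.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:
        f.write(new_cookie())
    os.chmod(tmp, 0o400)  # owner read-only
    os.replace(tmp, path)
    return True
```

Ownership of the file by the RabbitMQ service user, and restarting the broker so it picks up the new cookie, are left to the caller.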
README.md
This directory contains scripts that:

- Generally do not require access to Django or the database (those are "management commands"), and thus are suitable to run operationally.
- Are useful for managing a production deployment of Zulip (many are also used in a Zulip development environment, though development-only scripts live in `tools/`).

For more details, see https://zulip.readthedocs.io/en/latest/overview/directory-structure.html.