On Thu, Feb 09, 2017 at 03:53:52PM -0500, Jeff Darcy wrote: > https://www.theregister.co.uk/2017/02/09/hadoop_clusters_fked/ > Similar attacks have occurred against MongoDB and ElasticSearch. > How long before they target us? How will we do? It is true default glusterfs installation is too open. A simple solution would be to introduce an access control, either by IP whitelist, or better by shared secret. The obvious problem is that it breaks updates. At least peer know each others and could agree on automatically creating a shared secret if it is missing, but we need to break clients. The annoyance can be mitigated with an helpful message on mount failure, in the log and on stdout such as "please copy /etc/glusterd/secret from a server" -- Emmanuel Dreyfus manu@xxxxxxxxxx _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://lists.gluster.org/mailman/listinfo/gluster-devel
