Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change the default Rabbitmq username and password #20

Open
zagrosbingol opened this issue Oct 30, 2024 · 1 comment
Open

Change the default Rabbitmq username and password #20

zagrosbingol opened this issue Oct 30, 2024 · 1 comment

Comments

@zagrosbingol
Copy link

Hello,

Hope all is well?

A great idea from a security wise perspective is to change the rabbitmq default username and password located in:
docker-compose.yml

See the following code:

version: '3'

services:
  db:
    image: postgres:latest
    restart: always
    command: "-c max_connections=512"
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: postgres
      POSTGRES_DB: postgres
    volumes:
      - db_data:/var/lib/postgresql/data
  pgbouncer:
    image: edoburu/pgbouncer:latest
    environment:
      - DB_HOST=db
      - DB_PORT=5432
      - DB_USER=postgres
      - DB_PASSWORD=postgres
      - AUTH_TYPE=scram-sha-256
      - DEFAULT_POOL_SIZE=512
      - MAX_CLIENT_CONN=10000
      - POOL_MODE=transaction
  rabbitmq:
    image: rabbitmq:3-management-alpine
    restart: always
    volumes:
      - mq_data:/var/lib/rabbitmq/
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 30s
      timeout: 60s
      retries: 5
  web:
    build: .
    restart: always
    image: ghcr.io/bitthebyte/monitorizer:main
    command: /webserver-entrypoint.sh
    environment:
      POSTGRES_HOST: pgbouncer
      CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672'
    ports:
      - "8000:8000"
    depends_on:
      - db
      - rabbitmq

  beat_worker:
    restart: always
    image: ghcr.io/bitthebyte/monitorizer:main
    command: celery -A monitorizer.server beat -l info
    depends_on:
      - db
      - rabbitmq
    environment:
      CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672'
      POSTGRES_HOST: pgbouncer

  report_worker:
    restart: always
    image: ghcr.io/bitthebyte/monitorizer:main
    command: celery -A monitorizer.server worker -Q reports -l info
    depends_on:
      - db
      - rabbitmq
    environment:
      CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672'
      POSTGRES_HOST: pgbouncer

  job_worker:
    restart: always
    privileged: true
    image: ghcr.io/bitthebyte/monitorizer:main
    command: celery -A monitorizer.server worker -Q default -l info
    depends_on:
      - db
      - rabbitmq
    environment:
      CELERY_BROKER_URL: 'amqp://guest:guest@rabbitmq:5672'
      POSTGRES_HOST: pgbouncer
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/.monitorizer:/home/.monitorizer:shared

volumes:
  db_data:
  mq_data:

Is it possible to randomize or do anything that can be changed or add a note in readme.md to let users know that a change of password shall be made in order to avoid attacks.

Thank you for all youre work and warm regards,
@zagrosbingol
Copy link
Author

Reference:
https://book.hacktricks.xyz/network-services-pentesting/15672-pentesting-rabbitmq-management

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zagrosbingol