21 พฤษภาคม 2563

Vulnerability in RabbitMQ : disable cleartext authentication mechanisms in the amqp configuration, Golang

To fix the vulnerability in RabbitMQ : disable cleartext authentication mechanisms in the amqp configuration, follow these steps

Create self-signed certificate files

the easy way is cloning the repository https://github.com/michaelklishin/tls-gen  then

1. go to the cloned repository and goto basic directory

2. run make PASSWORD={your_password} CN={your_domain}, see image below


3. ca, server and client certificate files will be created, see image below



Configure RabbitMQ configuration file

your rabbitmq.conf should be configured like this

loopback_users.guest = false
listeners.ssl.default = 5671
ssl_options.cacertfile = path_to_ca_certificate.pem
ssl_options.certfile = path_to_server_certificate.pem
ssl_options.keyfile = path_to_server_key.pem
ssl_options.password = XXXXX
default_pass = XXXXX
default_user = XXXXX

* Note
listeners.tcp.default = 5672 must be removed
- ssl_options.password must match the certificate password from the step above
- a related document is available at https://www.rabbitmq.com/ssl.html

Configure the client

your client code (Golang) should be written like this

cfg := new(tls.Config)
cfg.InsecureSkipVerify = true
cfg.RootCAs = x509.NewCertPool()
ca, err := ioutil.ReadFile("path_to_ca_certificate.pem")

if err == nil {
cfg.RootCAs.AppendCertsFromPEM(ca)
} else {
return nil, err
}

cert, err := tls.LoadX509KeyPair(
"path_to_client_certificate.pem",
"path_to_client_key.pem",
)
if err == nil {
cfg.Certificates = append(cfg.Certificates, cert)
} else {
return nil, err
}

url := fmt.Sprintf(
"amqps://%s:%s@%s:%d",
"rabbit_user",
"rabbit_password",
"rabbit_host",
5671,
)
con, err := amqp.DialTLS(url, cfg)
if err != nil {
return nil, err
}

see related full Golang code at https://tinyurl.com/y6u9ack9

1 ความคิดเห็น:

  1. ไม่ระบุชื่อ22 ธันวาคม, 2564 13:14

    I want to testify about TD Ameritrade who helped me invest my bitcoin and made me who I am today, I never believe in investing in bitcoin until I met TD Ameritrade. I saw so many testimonies about him helping people to invest their bitcoin. I decide to contact him and invested $500 and, after 72 hours, I get my $ 5,000 profit in my bitcoin wallet. Since I invested with them and I always receive my profit without delay, so if you want to invest your bitcoin, TD Ameritrade is the best deal with which you can invest and make profit is a guarantee. So, if you want to invest, just contact him and he will guide you on how to start your investment. whatsapp +447883246472
    Email: tdameritrade077@gmail.com

    ตอบลบ

บทความยอดนิยม (ล่าสุด)

บทความยอดนิยม (1 ปีย้อนหลัง)