Page MenuHomePhabricator
Create Task
Maniphest T92971

Examine ways to make using MediaWiki-Vagrant secure (or at least not wildly insecure) on a host exposed to the Internet
Open, MediumPublic
Actions

Description

Recently @werdna submitted a patch that changed the configuration of Elasticsearch to make it slightly more resistant to external attacks. His motivation for this is that he is using the MediaWiki-Vagrant Puppet code to operate a testing host that is exposed to the Internet rather than a local VM on his laptop or even a VM in Labs that is behind a series of proxies.

This is not the first time I've heard of someone using MediaWiki-Vagrant to setup a public or semi-public server for either shared testing or to run a "real" wiki. With the current state of configuration provided by our Puppet code this is a really really bad idea if additional measures aren't taken to secure the host. By design MediaWiki-Vagrant is configuring the VM to be developer friendly which in the current case means no host firewall, many well-known passwords, and extremely verbose logging that can and will leak information about the configuration of the host.

If this use case is going to be promoted (or even not actively discouraged) some attention should be given to providing a hardening guide and possibly even additional Puppet roles that can alter the default configuration to be less likely to lead to immediate compromise of the host.

Related Objects

Event Timeline

bd808 created this task.Mar 17 2015, 3:53 PM
bd808 raised the priority of this task from to Needs Triage.
bd808 updated the task description. (Show Details)
bd808 added a project: MediaWiki-Vagrant.
bd808 added subscribers: bd808, werdna.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 17 2015, 3:53 PM
werdna added a comment.Mar 17 2015, 4:03 PM

In general, MW has accumulated dependencies and components rapidly enough that it's no longer enough to just get some shared hosting, untar it and work away. MW-Vagrant is the only way to set up MediaWiki (with all the trimmings – Parsoid, VisualEditor, background job runners, etc) without hours of effort and dependency hell (depending on your platform).

I think it's worth having a version of MW-Vagrant (possibly called something else) that's secure enough to use publicly.

In this particular case, my laptop was too slow to run MW-Vagrant at a productive speed, and I just set it up on a Linode without any DNS. I guess there were some hackers in China port-scanning known VPS ranges for known vulnerabilities.

My initial thought is that it would at least be a start to set up ufw in the Vagrant puppet configuration.

Gilles mentioned this in T113210: How should Wikimedia software support non-Wikimedia deployments of its software?.Sep 21 2015, 7:52 AM
bd808 triaged this task as Medium priority.Oct 14 2015, 10:16 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL