CouchDB is a popular NoSQL database that uses TCP port 5984 for communication. However, if the port is left open and unrestricted, it can lead to security vulnerabilities, making it essential to restrict inbound access to this port.
To ensure there is no unrestricted inbound access to TCP port 5984 for CouchDB, follow the below steps:
- Identify the security group associated with the CouchDB instance.
- Go to the security group in the AWS Management Console.
- Click on the "Inbound Rules" tab.
- Identify the rule that allows unrestricted access to TCP port 5984.
- Click on the "Edit" button for that rule.
- Change the source IP range to a specific IP address or an IP range that requires access.
- If necessary, create a new rule that allows access to the required IP address or IP range.
- Save the changes to the security group.
Note: It is recommended to limit access to the minimum set of IP addresses that require access to CouchDB.
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.