DRBD replicates block data between peers. Hardening focuses on protecting the replication link, establishing trust between nodes, and securing cluster control.
- Keep DRBD replication on dedicated private networks.
- Choose the replication protocol that matches your data consistency requirements.
- Restrict DRBD ports to peer node addresses only.
¶ Authentication and Integrity
- Enable DRBD peer authentication (shared-secret based configuration where supported).
- Protect DRBD config files with root-only permissions.
- Validate both peers before promotion in HA workflows.
- If using Pacemaker/Corosync, harden cluster auth and admin interfaces.
- Limit who can promote a node to the primary role.
- Log and alert on split-brain events.
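A check a practitioner would want for the network, authentication and config-permission items above, as an added shell example that is not part of this page or of the DRBD project: it audits a DRBD resource file for the `cram-hmac-alg` and `shared-secret` net options, protocol C, private replication addresses and a root-only file mode. The two resource files, host names, disks, addresses and the secret are constructed placeholders.

```shell
#!/bin/sh
# Added example, not DRBD project code: audit a resource file for the checklist items above.
audit_drbd_res() {   # usage: audit_drbd_res FILE ; exit status 0 when every check passes
    f="$1"; rc=0
    # Peer authentication needs both an HMAC algorithm and a non-trivial shared secret.
    grep -Eq '(^|[[:space:]])cram-hmac-alg[[:space:]]+[A-Za-z0-9_-]+;' "$f" \
        || { echo "FAIL $f: cram-hmac-alg not set, peers are not authenticated"; rc=1; }
    grep -Eq '(^|[[:space:]])shared-secret[[:space:]]+"[^"]{20,}";' "$f" \
        || { echo "FAIL $f: shared-secret missing or shorter than 20 characters"; rc=1; }
    # Protocol C is the synchronous choice; A and B trade peer durability for latency.
    grep -Eq '(^|[[:space:]])protocol[[:space:]]+C;' "$f" \
        || echo "WARN $f: replication protocol is not C"
    # Replication endpoints must sit on a private (RFC 1918) network, not a routable one.
    for ip in $(awk '{for(i=1;i<NF;i++) if($i=="address"){a=($(i+1)=="ipv4"||$(i+1)=="ipv6")?$(i+2):$(i+1); sub(/:.*/,"",a); print a}}' "$f"); do
        case "$ip" in
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) ;;
            *) echo "FAIL $f: replication address $ip is not on a private network"; rc=1 ;;
        esac
    done
    # The file holds the secret: no group or other access (the owner should be root).
    perms=$(ls -l "$f" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "FAIL $f: mode is $perms, expected -rw-------"; rc=1; }
    return $rc
}

# Constructed sample resource files; host names, disks, addresses and the secret are placeholders.
WORK=$(mktemp -d)
HARDENED="$WORK/r0.res"; WEAK="$WORK/r1.res"
cat > "$HARDENED" <<'EOF'
resource r0 {
    net {
        protocol C;
        cram-hmac-alg sha1;
        shared-secret "CONSTRUCTED-EXAMPLE-SECRET-0123456789";
    }
    on node-a { device /dev/drbd0; disk /dev/vg0/r0; address 10.10.0.1:7789; meta-disk internal; }
    on node-b { device /dev/drbd0; disk /dev/vg0/r0; address 10.10.0.2:7789; meta-disk internal; }
}
EOF
cat > "$WEAK" <<'EOF'
resource r1 {
    net { protocol A; }
    on node-a { device /dev/drbd1; disk /dev/vg0/r1; address 203.0.113.10:7790; meta-disk internal; }
    on node-b { device /dev/drbd1; disk /dev/vg0/r1; address 203.0.113.11:7790; meta-disk internal; }
}
EOF
chmod 600 "$HARDENED"; chmod 644 "$WEAK"   # only r0 is root-only readable
for f in "$HARDENED" "$WEAK"; do if audit_drbd_res "$f"; then echo "PASS $f"; fi; done
```

Run it against the files under /etc/drbd.d/ on each node; any FAIL line maps directly to one of the checklist items above.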
¶ OS and Disk Hardening
- Run minimal services on DRBD nodes.
- Patch kernel and DRBD packages regularly.
- Encrypt backing storage where data classification requires it.