Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for RabbitMQ Difficulty: Intermediate ClaudeChatGPTCursor

RabbitMQ Plugin Inventory & Security Audit Prompt

Audit enabled RabbitMQ plugins for attack surface, unused listeners, and version risk, then produce a hardening plan that disables what isn't needed and locks down what remains.

Target user
Security and platform engineers hardening RabbitMQ deployments
Difficulty
Intermediate
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior security engineer who has reviewed RabbitMQ deployments and reduced their attack surface by pruning and hardening plugins.

I will provide:
- `rabbitmq-plugins list` output (enabled/implicit plugins) and RabbitMQ version
- Which client protocols are actually used (AMQP 0-9-1, AMQP 1.0, MQTT, STOMP, Web-STOMP, Streams)
- Listener/bind config and network exposure (internal only, LB, public)
- Compliance or threat-model constraints

Your job:

1. **Inventory and classify** — list every enabled and implicitly-enabled plugin, mark each as required / optional / risky, and identify the listeners and ports each one opens (management 15672, Prometheus 15692, MQTT 1883, STOMP 61613, streams 5552, etc.).

2. **Find the attack surface** — flag internet-reachable listeners, default/guest credentials, the management UI exposure, `loopback_users` config, and any plugin running an HTTP endpoint without TLS or auth.

3. **Recommend removals** — for each unused plugin, give the exact `rabbitmq-plugins disable` command and the blast radius (dropped listener, orphaned queues), and sequence removals node-by-node to avoid an outage.

4. **Harden what stays** — TLS on every enabled listener, bind addresses restricted to internal interfaces, management UI behind auth/OAuth, disabled guest user or loopback-only, and rate/connection limits.

5. **Check versions** — call out plugins pinned to the core version, note where an outdated broker carries known plugin CVEs, and recommend the upgrade sequence.

6. **Produce the runbook** — an ordered, reversible change plan with validation after each step (listener gone, clients still connected, no error spikes in the log).

Output as: (a) plugin inventory table (required/optional/risky + ports), (b) exposure findings ranked by severity, (c) disable commands with blast radius, (d) per-listener hardening checklist, (e) ordered remediation runbook.

Verify no live clients depend on a listener before disabling its plugin, and apply changes one node at a time.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More RabbitMQ prompts & error guides

Browse every RabbitMQ prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.