Ways of Securing Rsyslog


Ways of Securing Rsyslog

Luv
Is there any way to secure Rsyslog by simple username/password authentication?

Or is http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html the only way?

Re: Ways of Securing Rsyslog

David Lang
What is it you are wanting to secure?

If you are talking about securing communications between an rsyslog sender and an
rsyslog receiver, you can use TLS with TCP or RELP.

If you are talking about securing communications between rsyslog and
Elasticsearch, you can use username/password, but if you use a password without
encryption, anyone on the network can see the username/password and use it
themselves.

There are also IP filtering options in some cases.

But please define the problem a bit more.

David Lang

On Tue, 13 Jun 2017, Luv via rsyslog wrote:

> Date: Tue, 13 Jun 2017 23:12:46 -0700 (MST)
> From: Luv via rsyslog <[hidden email]>
> To: [hidden email]
> Cc: Luv <[hidden email]>
> Subject: [rsyslog] Ways of Securing Rsyslog
>
> Is there any way to secure Rsyslog by simple username password authentication
> ?
>
> Or http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html this
> is the only way ?
>
>
>
> --
> View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Ways-of-Securing-Rsyslog-tp7592465.html
> Sent from the rsyslog-users mailing list archive at Nabble.com.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
>

Re: Ways of Securing Rsyslog

Luv
Hi David, thanks for your response.

For example, I have opened UDP port 514 on my machine using the rsyslog imudp module. Now, any person knowing my IP can forward anything on this socket. Is there any way to secure that?

Like Elasticsearch opens port 9200, but it gives us the option to secure it by using USERNAME and PASSWORD basic auth. So, not everybody can write to Elasticsearch. Only people knowing the username and password can write to Elasticsearch.

I was looking for something like that.

Re: Ways of Securing Rsyslog

David Lang
No, you cannot use TLS or user/password on UDP.

You can filter by IP address.

Syslog is a protocol designed to be used on a trusted network. It has been
extended to be able to be secured, but only with TCP/RELP, and if you don't
encrypt your communication, username/password security is meaningless.

David Lang

On Tue, 13 Jun 2017, Luv via rsyslog wrote:

> Date: Tue, 13 Jun 2017 23:24:26 -0700 (MST)
> From: Luv via rsyslog <[hidden email]>
> To: [hidden email]
> Cc: Luv <[hidden email]>
> Subject: Re: [rsyslog] Ways of Securing Rsyslog
>
> Hi david, thanks for your response.
>
> For example, I have opened the udp port 514 on my machine using rsyslog
> imudp module. Now, any person knowing my IP can forward anything on this
> socket. Is there any way to secure that ?
>
> Like elasticsearch opens the port 9200, but it gives us option to secure it
> by using USERNAME and PASSWORD basic auth. So, not everybody can write to
> elasticsearch. People knowing username and password, only they can write to
> elasticsearch.
>
> I was looking for something like that.
>
>
>
> --
> View this message in context: http://rsyslog-users.1305293.n2.nabble.com/Ways-of-Securing-Rsyslog-tp7592465p7592467.html
> Sent from the rsyslog-users mailing list archive at Nabble.com.
>
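
The two controls named in the reply above (TLS on a TCP listener, and filtering by source IP on UDP), sketched as an rsyslog configuration. This is an added example, not configuration from the thread or from the rsyslog project; the certificate paths, host names, addresses, log file and ruleset name are assumptions.

```conf
# Added example. Paths, host names, addresses and ruleset names are assumptions.

# --- Receiver: TLS-protected TCP listener --------------------------------
# The gtls driver provides TLS; the CA file is used to verify sender certificates.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/receiver-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/receiver-key.pem"
)

# Mode 1 = TLS only. x509/name = the sender must present a certificate signed
# by the CA above whose name is listed in PermittedPeer.
module(load="imtcp"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["sender1.example.net", "sender2.example.net"]
)
input(type="imtcp" port="6514")

# --- Receiver: plain UDP listener, restricted by source address ----------
module(load="imudp")
input(type="imudp" port="514" ruleset="udp_filtered")

ruleset(name="udp_filtered") {
    # UDP carries no TLS and no credentials, so the source address is the only
    # handle. It can be forged, so pair this with a firewall rule on port 514.
    if not ($fromhost-ip == "192.0.2.10" or $fromhost-ip == "192.0.2.11") then {
        stop
    }
    action(type="omfile" file="/var/log/remote-udp.log")
}

# --- Sender side (goes in the sending host's rsyslog configuration) ------
# The sender needs the same CA file and its own certificate and key in global().
# action(type="omfwd" target="logs.example.net" port="6514" protocol="tcp"
#        StreamDriver="gtls" StreamDriverMode="1"
#        StreamDriverAuthMode="x509/name"
#        StreamDriverPermittedPeers="logs.example.net")
```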

Re: Ways of Securing Rsyslog

Luv
Okay cool!

One last thing, but not related to this topic.

Can you tell me how I can pass the username and password of Elasticsearch in action omelasticsearch?

action(type="omelasticsearch" searchIndex="test" username="abc" password="abc"), like this?

Re: Ways of Securing Rsyslog

David Lang
Have you read the docs on omelasticsearch?

On Tue, 13 Jun 2017, Luv via rsyslog wrote:

> Okay cool !
>
> One last thing, but not related to this topic.
>
> Can you tell me how can I pass username and password of elasticsearch in
> action omelasticsearch?
>
> action(type="omelasticsearch" searchIndex="test" username="abc"
> password="abc"), like this ?

Re: Ways of Securing Rsyslog

rsyslog-users mailing list
I’ll add - we enforce and filter on an approved syslog-tag list. Any message received that doesn’t have a valid syslog-tag is dropped. Plus we use UUIDs for our tags so they’re (basically) impossible to guess.

Andrew Griffin
Apple

> On Jun 13, 2017, at 11:59 PM, David Lang <[hidden email]> wrote:
>
> have you read the docs on omelasticsearch?
>
> On Tue, 13 Jun 2017, Luv via rsyslog wrote:
>
>> Okay cool !
>>
>> One last thing, but not related to this topic.
>>
>> Can you tell me how can I pass username and password of elasticsearch in
>> action omelasticsearch?
>>
>> action(type="omelasticsearch" searchIndex="test" username="abc"
>> password="abc"), like this ?
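
A tag allowlist of the kind described in this last message, written as an rsyslog ruleset. This is an added example, not the poster's configuration: the UUID values are constructed, and comparing against `$programname` (the static part of the syslog tag) is an assumption about how such a filter could be built.

```conf
# Added example. Tag values (constructed UUIDs), port, file path and
# ruleset name are assumptions.
module(load="imudp")
input(type="imudp" port="514" ruleset="tag_allowlist")

ruleset(name="tag_allowlist") {
    # $programname is the syslog tag without the trailing "[pid]:" part.
    # Senders must set their tag to one of the approved values; any other
    # message is discarded before it reaches an action.
    if not ($programname == "0b9f6c1e-5d2a-4c7e-9a41-3e8d7f2b6c10" or
            $programname == "7a1d4e92-8c3b-4f65-b0d2-19c6e5a4f378") then {
        stop
    }
    action(type="omfile" file="/var/log/approved-tags.log")
}
```

On plain UDP the tag travels unencrypted, so it is only as secret as the network path between sender and receiver.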