Project

General

Profile

Tâche #29101

Scénario #23149: Envoi de logs : revoir la façon dont sont gérés les certificats utilisés par rsyslog

Générer/fournir un certificat

Added by Matthieu Lamalle almost 3 years ago. Updated almost 3 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
10/14/2019
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

La CA /etc/rsyslog.d/ssl/certs/zephirlog_ca.pem n'est plus généré.

Associated revisions

Revision 0cdf4af6 (diff)
Added by Matthieu Lamalle almost 3 years ago

set correct certs and ca files for rsyslog ref #29101

Revision 1037b040 (diff)
Added by Matthieu Lamalle almost 3 years ago

set correct certs and ca files for rsyslog ref #29101

Revision 9c7cb112 (diff)
Added by Matthieu Lamalle almost 3 years ago

set certs files ref #29101

Revision d6d07331 (diff)
Added by Matthieu Lamalle almost 3 years ago

set tls certs for client ref #29101

History

#1 Updated by Matthieu Lamalle almost 3 years ago

  • Description updated (diff)

#2 Updated by Matthieu Lamalle almost 3 years ago

On va utiliser le fichier /etc/ssl/certs/ca_local.crt, et se servir des variables server_cert, server_key et server_pem pour les utiliser dans rsyslog.
Un script posttemplate va s'occuper de les copier au bon endroit avec les bons droits.

#3 Updated by Matthieu Lamalle almost 3 years ago

  • Assigned To set to Matthieu Lamalle

#4 Updated by Matthieu Lamalle almost 3 years ago

  • Status changed from Nouveau to En cours

#5 Updated by Matthieu Lamalle almost 3 years ago

  • Status changed from En cours to Résolu

#6 Updated by Joël Cuissinat almost 3 years ago

  • Status changed from Résolu to Fermé
  • % Done changed from 0 to 100
  • Remaining (hours) set to 0.0
root@eolebase:~# for var in rsyslog_ca_file rsyslog_cert_file rsyslog_privkey_file;do ls -al "$(CreoleGet $var)";done
-rw-r--r-- 1 root root 1776 oct.  30 12:03 /etc/ssl/certs/ca_local.crt
-rw-r--r-- 1 syslog syslog 1460 oct.  30 12:03 /etc/rsyslog.d/ssl/certs/rsyslog.crt
-rw------- 1 syslog syslog 1679 oct.  30 12:03 /etc/rsyslog.d/ssl/private/rsyslog.key

Also available in: Atom PDF