Project

General

Profile

Actions

Architecture #6355

closed

User story #6589: Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance

Agent should sign their inventory using their private key

Added by Benoît PECCATTE over 9 years ago. Updated over 9 years ago.

Status:
Released
Priority:
N/A
Assignee:
-
Category:
System techniques
Target version:
Effort required:
Name check:
Fix check:
Regression:

Description

We should sign agent inventories with their private key.
The signature should be sent with the inventory in a manner that can be ignored by older inventory endpoints.

Suggestion: include them in a comment before or after the inventory and remove it before validation.
Other suggestion, use a separator that is ignored by the parser such as the ASCII record separator charatcter


Subtasks 9 (0 open9 closed)

Architecture #6477: Create a script to sign files using openssl on unixReleasedMatthieu CERDA2015-05-15Actions
Bug #6592: signature.sh is not in the final packageReleasedVincent MEMBRÉ2015-05-15Actions
Architecture #6510: Inventory technique should create a signature and send itReleasedVincent MEMBRÉ2015-04-16Actions
Architecture #6515: Add openssl command line on windows - toolsReleasedBenoît PECCATTE2015-04-17Actions
Architecture #6516: Add dependency to openssl command on debianReleasedBenoît PECCATTE2015-04-27Actions
Bug #6535: Cannot build rudder-agent-thin 3.1, cannot apply patchesReleasedVincent MEMBRÉ2015-04-27Actions
Bug #6687: bundle sendInventoryToCmdb tries to send .sign files to the endpointReleasedBenoît PECCATTE2015-06-03Actions
Bug #6692: Syntax error in site.cfReleasedMatthieu CERDA2015-06-03Actions
Bug #6551: signature.sh doesn't use absolute key pathReleasedVincent MEMBRÉ2015-05-04Actions

Related issues 1 (0 open1 closed)

Related to Rudder - User story #8053: Make signature problem easier to diagnoseReleasedVincent MEMBRÉ2016-05-17Actions
Actions

Also available in: Atom PDF