User story #6589

closed

Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance

Added by Benoît PECCATTE over 9 years ago. Updated over 9 years ago.

Status: Released
Priority: N/A
Assignee: -
Category: System integration
Target version:

Description

- Sign inventories before sending them
- Verify inventory signature upon reception
- Send inventories with https
- Limit inventory reception to allowed networks
- Limit reports reception to known nodes
- Allow Rudder to run with SELinux


Subtasks 32 (0 open, 32 closed)

Architecture #6356: Inventory endpoint should validate agent signature | Released | François ARMAND | 2015-04-16
Architecture #6506: Change send_clean to push signature along with inventory | Released | Matthieu CERDA | 2015-04-16
Architecture #6558: Update test in Rudder so it is ok with new inventory data model | Released | François ARMAND | 2015-05-05
User story #6560: Display key used to sign inventory and if the Node is "Certified" | Released | François ARMAND | 2015-05-06
Architecture #6567: Add a script to manage node keys on server | Released | Vincent MEMBRÉ | 2015-05-06
Bug #6583: Can't validate inventory key stored with old format | Released | Nicolas CHARLES | 2015-05-13
Bug #6584: Tests broken with wrong inventory schema | Released | Nicolas CHARLES | 2015-05-13
Bug #6600: Cannot modify root server inventory after new install | Released | François ARMAND | 2015-05-17
Bug #6601: Remove invalid default public key for root server | Released | François ARMAND | 2015-05-17
User story #6578: Upload inventory with https by default | Released | Nicolas CHARLES | 2015-05-12
User story #2882: Rudder should be SELinux compliant | Released | Benoît PECCATTE | 2015-04-07
Question #6467: What are the webdav directories used for ? | Resolved | Benoît PECCATTE | 2015-04-07
Architecture #6517: Authorize on SELinux directories used for webdav on the server | Released | Benoît PECCATTE | 2015-04-17
Bug #6556: rudder-webapp is using a wrong file in spec file for SELinux policy | Released | François ARMAND | 2015-05-05
Bug #6597: Rudder webapp postinst are not valid | Released | Benoît PECCATTE | 2015-05-15
Bug #6598: rudder selinux module is not working | Released | Benoît PECCATTE | 2015-05-15
Bug #6652: rudder-webapp SELinux-related BuildRequires are neither advertised nor usable on all systems | Released | Benoît PECCATTE | 2015-05-21
User story #6672: Remove packaging of rudder-webapp.pp on debian | Released | Matthieu CERDA | 2015-05-26
Bug #6679: The SELinux compilation in rudder-webapp tries to use the wrong directory as a base | Released | Benoît PECCATTE | 2015-05-28
Bug #6681: rudder-webapp spec tries to copy rudder-webapp.pp from wrong directory | Released | Matthieu CERDA | 2015-05-28
Bug #6682: rudder-webapp spec tries to build rudder-webapp.pp even if he can't | Released | Matthieu CERDA | 2015-05-29
Architecture #6355: Agent should sign their inventory using their private key | Released | - | 2015-04-16
Architecture #6477: Create a script to sign files using openssl on unix | Released | Matthieu CERDA | 2015-05-15
Bug #6592: signature.sh is not in the final package | Released | Vincent MEMBRÉ | 2015-05-15
Architecture #6510: Inventory technique should create a signature and send it | Released | Vincent MEMBRÉ | 2015-04-16
Architecture #6515: Add openssl command line on windows - tools | Released | Benoît PECCATTE | 2015-04-17
Architecture #6516: Add dependency to openssl command on debian | Released | Benoît PECCATTE | 2015-04-27
Bug #6535: Cannot build rudder-agent-thin 3.1, cannot apply patches | Released | Vincent MEMBRÉ | 2015-04-27
Bug #6687: bundle sendInventoryToCmdb tries to send .sign files to the endpoint | Released | Benoît PECCATTE | 2015-06-03
Bug #6692: Syntax error in site.cf | Released | Matthieu CERDA | 2015-06-03
Bug #6551: signature.sh doesn't use absolute key path | Released | Vincent MEMBRÉ | 2015-05-04
User story #6739: Sign inventories on Windows | Released | Benoît PECCATTE | 2015-06-10

Related issues 1 (0 open, 1 closed)

Related to Rudder - User story #6363: Secure agent/server communication | Released | 2011-03-28
#1

Updated by Benoît PECCATTE over 9 years ago

  • Description updated (diff)
#2

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
#3

Updated by Benoît PECCATTE over 9 years ago

#4

Updated by Vincent MEMBRÉ over 9 years ago

  • Subject changed from Improve Rudder security in 3.1 to Improve Rudder security in 3.1: Inventory signature and security, SELinux compliance
  • Status changed from New to In progress
#5

Updated by Vincent MEMBRÉ over 9 years ago

  • Status changed from In progress to 12
#6

Updated by Vincent MEMBRÉ over 9 years ago

  • Status changed from 12 to Pending release
#7

Updated by Vincent MEMBRÉ over 9 years ago

  • Category changed from Architecture - Code maintenance to System integration
#8

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 3.1.0~rc1 to 3.1.0~beta1
#9

Updated by Vincent MEMBRÉ over 9 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 3.1.0~beta1, which was released today.
