Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-937

[REBASE] Rebase rsyslog to 8.2108.0 or higher for streamDriver.CAFile

XMLWordPrintable

    • rsyslog-8.2310.0-3.el9
    • Rebase
    • sst_security_special_projects
    • ssg_security
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Enhancement
    • Hide
      .Rsyslog rebased to 8.2310

      The Rsyslog log processing system has been rebased to upstream version 8.2310. This update introduces significant enhancements and bug fixes. Most notable enhancements include:

      Customizable TLS/SSL encryption settings:: In previous versions, configuring TLS/SSL encryption settings for separate connections was limited to global settings. With the latest version, you can now define unique TLS/SSL settings for each individual connection in Rsyslog. This includes specifying different CA certificates, private keys, public keys, and CRL files for enhanced security and flexibility. For detailed information and usage, see documentation provided in the `rsyslog-doc` package.

      Refined capability dropping feature:: You can now set additional options that relate to capability dropping. You can disable capability dropping by setting the `libcapng.enable` global option to `off`. For more information, see link:https://issues.redhat.com/browse/RHEL-943[RHEL-943].
      Show
      .Rsyslog rebased to 8.2310 The Rsyslog log processing system has been rebased to upstream version 8.2310. This update introduces significant enhancements and bug fixes. Most notable enhancements include: Customizable TLS/SSL encryption settings:: In previous versions, configuring TLS/SSL encryption settings for separate connections was limited to global settings. With the latest version, you can now define unique TLS/SSL settings for each individual connection in Rsyslog. This includes specifying different CA certificates, private keys, public keys, and CRL files for enhanced security and flexibility. For detailed information and usage, see documentation provided in the `rsyslog-doc` package. Refined capability dropping feature:: You can now set additional options that relate to capability dropping. You can disable capability dropping by setting the `libcapng.enable` global option to `off`. For more information, see link: https://issues.redhat.com/browse/RHEL-943 [RHEL-943].
    • Done
    • None

      Description of problem:

      Rsyslog 8.2108.0 introduced a setting `streamDriver.CAFile` which allows setting a CA for a specific connection. This drastically cleans up streams using TLS.

      Without this, you are required to set the global default ca which is inherited by everyone

      Version-Release number of selected component (if applicable):rsyslog-8.2102.0-104.el9.x86_64

      How reproducible: 100%

      Steps to Reproduce:
      1. Try to use streamDriver.CAFile
      2.
      3.

      Actual results:
      version of rsyslog is too old

      Expected results:
      Able to set the CA on the stream I'm telling to encrypt.

      Additional info:

            rh-ee-alakatos Attila Lakatos
            riehecky Pat Riehecky
            Attila Lakatos Attila Lakatos
            Jiri Jaburek Jiri Jaburek
            Jan Fiala Jan Fiala
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: