RHEL-937

[REBASE] Rebase rsyslog to 8.2108.0 or higher for streamDriver.CAFile

    • rsyslog-8.2310.0-3.el9
    • Rebase
    • rhel-sst-security-special-projects
    • ssg_security
    • None
    • QE ack, Dev ack
    • False
    • Yes
    • None
    • Enhancement
      .Rsyslog rebased to 8.2310

      The Rsyslog log processing system has been rebased to upstream version 8.2310. This update introduces significant enhancements and bug fixes. Most notable enhancements include:

      Customizable TLS/SSL encryption settings:: In previous versions, configuring TLS/SSL encryption settings for separate connections was limited to global settings. With the latest version, you can now define unique TLS/SSL settings for each individual connection in Rsyslog. This includes specifying different CA certificates, private keys, public keys, and CRL files for enhanced security and flexibility. For detailed information and usage, see documentation provided in the `rsyslog-doc` package.

      Refined capability dropping feature:: You can now set additional options that relate to capability dropping. You can disable capability dropping by setting the `libcapng.enable` global option to `off`. For more information, see link:https://issues.redhat.com/browse/RHEL-943[RHEL-943].
    • Done
    • None

      Description of problem:

      Rsyslog 8.2108.0 introduced a setting `streamDriver.CAFile` which allows setting a CA for a specific connection. This drastically cleans up streams using TLS.

      Without this, you are required to set the global default CA, which is inherited by everyone.

      Version-Release number of selected component (if applicable): rsyslog-8.2102.0-104.el9.x86_64

      How reproducible: 100%

      Steps to Reproduce:
      1. Try to use streamDriver.CAFile

      Actual results:
      version of rsyslog is too old

      Expected results:
      Able to set the CA on the stream I'm telling to encrypt.

      Additional info:

              rh-ee-alakatos Attila Lakatos
              riehecky Pat Riehecky
              Attila Lakatos Attila Lakatos
              Jiri Jaburek Jiri Jaburek
              Jan Fiala Jan Fiala
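
As an added illustration of the request above (not configuration from the issue or from the rsyslog project), the fragment below contrasts the single global CA with per-connection `streamDriver.CAFile` on two `omfwd` actions. Hostnames, ports and file paths are constructed placeholders.

```conf
# Added example; targets and certificate paths are constructed placeholders.

# Before (rsyslog older than 8.2108.0): one CA bundle for every TLS
# connection. Each forwarding action inherits it, so a CA that should
# only vouch for one receiver is trusted for all of them.
# global(
#     DefaultNetstreamDriver="gtls"
#     DefaultNetstreamDriverCAFile="/etc/pki/rsyslog/all-receivers-ca.pem"
# )

# After (8.2108.0 or later): no global CA; each action pins its own.
global(DefaultNetstreamDriver="gtls")

# Receiver 1: trusted only if its certificate chains to siem-ca.pem
# and its name matches the permitted peer.
action(
    type="omfwd"
    target="siem.example.com" port="6514" protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"                 # 1 = TLS required
    StreamDriverAuthMode="x509/name"     # verify chain and peer name
    StreamDriverPermittedPeers="siem.example.com"
    streamDriver.CAFile="/etc/pki/rsyslog/siem-ca.pem"
)

# Receiver 2: a different trust anchor. A certificate issued by the
# SIEM CA is not accepted on this connection, and vice versa.
action(
    type="omfwd"
    target="archive.example.net" port="6514" protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="archive.example.net"
    streamDriver.CAFile="/etc/pki/rsyslog/archive-ca.pem"
)
```

Running `rsyslogd -N1` checks the configuration before the service is restarted.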