HIPAA compliance through rsyslog
HIPAA, the Health Insurance Portability and Accountability Act, defines the standard for protecting sensitive patient data. It concerns every organization that handles protected health information, which must ensure that the data is secured physically, on the network and while it is being used. The act applies to anyone who provides treatment, payment and operations in healthcare, as well as to the business associates who provide such services.
The goal of HIPAA is to keep patient data protected. A security breach, and thus a leak of patient data, can cause extensive damage: it not only erodes the patient's trust in the organization, but a HIPAA violation also carries significant fines.
The American Medical Association broke down the cost for several scenarios:
| HIPAA Violation | Minimum Penalty | Maximum Penalty |
|---|---|---|
| Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA | $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to reasonable cause and not due to willful neglect | $1,000 per violation, with an annual maximum of $100,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation due to willful neglect but violation is corrected within the required time period | $10,000 per violation, with an annual maximum of $250,000 for repeat violations | $50,000 per violation, with an annual maximum of $1.5 million |
| HIPAA violation is due to willful neglect and is not corrected | $50,000 per violation, with an annual maximum of $1.5 million | $50,000 per violation, with an annual maximum of $1.5 million |
And although the annual maximum for violations is $1.5 million, the actual cost may be higher than this base amount. Patients may take legal action after their data is compromised, and organizations are required to notify the patients who are affected. Thus the overall cost of non-compliance can escalate quickly. Even without an incident ever happening, significant cost can arise simply because an audit failed: fines will be incurred and remediation steps must be taken.
rsyslog and its strong logging structure can help you minimize the risk of such violations. One of the main requirements for becoming HIPAA compliant is to ensure that patient data is handled with the right confidentiality, and that its integrity and availability are maintained. One also needs to identify common threats and implement solutions. On IT systems, some more or less basic tools provide additional help in achieving these goals. Syslog servers like rsyslog receive and consolidate a lot of the data that an auditor needs to review in order to identify problems and act accordingly.
Thus rsyslog can be especially valuable for achieving HIPAA compliance, because it eases the job of administrators and auditors by autonomously receiving, filtering and archiving log data; if the data is stored properly, reviewing it becomes a lot easier.
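The receiving, filtering and archiving described above, as an added example that is not part of the original article and not a configuration shipped by the rsyslog project: a minimal rsyslog v7 (RainerScript) central receiver that accepts messages over RELP, keeps only those that arrived through that input, and writes them into one file per sending host and day with restrictive permissions so that an auditor can review a host's history in isolation. The listener port 2514, the archive path under /var/log/archive, and the owner root and group adm are assumed values; transport protection and log signing are outside this snippet and are configured separately.

```rsyslog
# Added example, not from the original page. Assumed values: port 2514,
# /var/log/archive, owner root, group adm. Adjust for your environment.

module(load="imrelp")                 # reliable reception over RELP (librelp)
input(type="imrelp" port="2514")      # assumed listener port

# One file per sending host and day, so a reviewer can look at a single
# host's history without searching one large combined file.
template(name="ArchiveFile" type="string"
         string="/var/log/archive/%HOSTNAME%/%$year%-%$month%-%$day%.log")

# Keep the original timestamp, the sender's hostname and the tag on every
# line; drop-last-lf avoids a doubled newline at the end of each record.
template(name="ArchiveLine" type="string"
         string="%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n")

# Only messages that came in through the RELP input go to the archive;
# local messages of the log server itself keep following the default rules.
if $inputname == "imrelp" then {
    action(type="omfile"
           dynaFile="ArchiveFile"
           template="ArchiveLine"
           fileCreateMode="0640"      # archive readable by the log group only
           dirCreateMode="0750"
           fileOwner="root"           # assumed owner and group
           fileGroup="adm")
    stop                              # do not mix remote data into local logs
}
```

The `fileCreateMode` and `dirCreateMode` settings are what give the archive its confidentiality on the file system; the per-host, per-day split is what makes an audit review practical, because the reviewer can hand over exactly the files for the systems and dates in scope.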
rsyslog 7.4.3 (v7-stable)
Download file name: rsyslog 7.4.3 (stable)
rsyslog 7.4.3 (stable)
sha256 hash: d96fcb733452177f5f06789507e06f5c01434d83001c130c9fcdf21e0fffe382
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.3 File size: 2.77 MB
librelp 1.2.0
librelp 1.2.0 [download]
This version offers support for epoll() on platforms that provide it. This provides both better performance and the ability to handle many more connections.
Version 1.2.0 – 2013-07-15
– support for epoll() added
platforms that do not support it fall back to select()
– API extension: relpEngineSetOnGenericErr
sha256sum: 5a8870fd2ae496be08d100ef8a65807311f11d6976ed37b8e0cd8024872c31e5
librelp 1.1.5
librelp 1.1.5 [download]
This is a bug-fixing release that takes care of a memory leak on connection close as well as potential misaddressing on session close.
Version 1.1.5 – 2013-07-05
– bugfix: memory leak on connection close
around 60 bytes of memory were lost on each connection close at the
server side (when the client initiated a close)
– bugfix: potential misaddressing on session close
This can happen if a write was also outstanding, a quite unusual
situation. In that case, already freed memory was being accessed.
sha256sum: 2322d771bd6036dd11519509177722baa36bc0e61a5d6748cbce0addf7f43243
rsyslog 7.5.2 (v7-devel) released
This version provides performance enhancements for the RELP modules. It also provides a fix for a potential security issue in omelasticsearch. Please note that the security issue only exists in a non-default configuration where the “errorfile” parameter was specified.
As always, feedback is appreciated.
Best regards, Florian Riedl
Changelog for 7.5.2 (v7-devel)
Version 7.5.2 [devel] 2013-07-04
- librelp 1.1.4 is now required
We use API extensions for better error reporting and higher performance.
- omrelp: use transactional mode to make imrelp emit bulk sends
- omrelp: add “windowSize” parameter to set custom RELP window size
- bugfix: double-free in omelasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
a security advisory for this bug is available at:
http://www.lsexperts.de/advisories/lse-2013-07-03.txt
Thanks to Markus Vervier and Marius Ionescu for providing a detailed bug report. Special thanks to Markus for coordinating his security advisory with us.
- doc: fixed various typos
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=391
Thanks to Georgi Georgiev for the patch.
rsyslog 7.5.2 (v7-devel)
Download file name: rsyslog 7.5.2 (devel)
rsyslog 7.5.2 (devel)
sha256 hash: 49be28fc5582248eb07472cee20473
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.5.2 File size: 2.931 MB
rsyslog 7.4.2 (v7-stable) released
This is a maintenance release, consisting primarily of bug fixes. It also provides a fix for a potential security issue in omelasticsearch. Please note that the security issue only exists in a non-default configuration where the “errorfile” parameter was specified.
ChangeLog:
http://www.rsyslog.com/changelog-for-7-4-2-v7-stable/
Download:
http://www.rsyslog.com/rsyslog-7-4-2-v7-stable/
As always, feedback is appreciated.
Best regards,
Florian Riedl
Changelog for 7.4.2 (v7-stable)
Version 7.4.2 [v7.4-stable] 2013-07-04
- bugfix: in RFC5425 TLS, multiple wildcards in auth could cause segfault
- bugfix: RainerScript object required parameters were not properly checked; this could result in segfaults on startup if parameters were missing.
- bugfix: double-free in omelasticsearch
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461
a security advisory for this bug is available at:
http://www.lsexperts.de/advisories/lse-2013-07-03.txt
PLEASE NOTE: This issue only existed if omelasticsearch was used in a non-default configuration, where the “errorfile” parameter was specified. Without that parameter set, the bug could not be triggered.
Thanks to Markus Vervier and Marius Ionescu for providing a detailed bug report. Special thanks to Markus for coordinating his security advisory with us.
- bugfix: omrelp potential segfault at startup on invalid config parameters
- bugfix: small memory leak when $uptime property was used
- bugfix: potential segfault on rsyslog termination in imudp
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456
- bugfix: lmsig_gt abort on invalid configuration parameters
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448
Thanks to Risto Laanoja for the patch.
- imtcp: fix typo in “listner” parameter, which is “listener”. Currently, both names are accepted.
- solved build problems on FreeBSD
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458
Thanks to Christiano for reporting and suggesting patches
- solved build problems on CENTOS5
rsyslog 7.4.2 (v7-stable)
Download file name: rsyslog 7.4.2 (stable)
rsyslog 7.4.2 (stable)
sha256 hash:
Author: Rainer Gerhards (rgerhards@adiscon.com)
Version: 7.4.2 File size: 2906942 bytes