$AllowedSender not honored
rsyslog offers a primitive form of access control via the $AllowedSender configuration directive. It lets the operator specify the hosts from which messages are accepted. If the directive is not specified, messages from all hosts are accepted. If it is, the set is limited to those senders that match the configured criteria (network addresses or host names). Access control can be configured for UDP-based and TCP-based protocols independently.
Note that this directive may be used to simplify firewall setup: the firewall permits incoming traffic from all remote machines on the port in question, and rsyslog ACLs then control who is actually permitted. The downside of this approach is that the packets reach rsyslog, so any vulnerability in it can be exploited. Please note that UDP addresses can easily be spoofed (though thankfully not as easily any longer on the public Internet, thanks to more careful configuration on most ISPs' side). So IP-based access control does not work very well for UDP (neither at the firewall nor at the rsyslog level, but the firewall may have more options at hand, given its comparatively broad knowledge of the perimeter).
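The accept/reject semantics described above, as an added example that is not rsyslog's own code: an unset list accepts every sender, a configured list rejects anything that does not match, and UDP and TCP keep separate lists. The struct and function names and the sample networks are constructed for illustration, and the sketch covers IPv4 network addresses only, not host names.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One allowed-sender entry: IPv4 network plus prefix length (hypothetical model). */
struct acl_entry { const char *net; int bits; };
struct acl { const struct acl_entry *entries; size_t n; };

/* Constructed sample policy: UDP restricted to two entries, TCP left unset.
 * The two lists are independent, as the text describes. */
static const struct acl_entry udp_entries[] = { {"192.0.2.0", 24}, {"198.51.100.7", 32} };
static const struct acl udp_acl = { udp_entries, 2 };
static const struct acl tcp_acl = { NULL, 0 };

/* Return 1 if the sender is permitted, 0 if not.
 * n == 0 models "directive not specified": every sender is accepted. */
int sender_permitted(const struct acl *acl, const char *sender)
{
    struct in_addr s, net;

    if (acl->n == 0)
        return 1;
    if (inet_pton(AF_INET, sender, &s) != 1)
        return 0;                       /* unparsable address: fail closed */
    for (size_t i = 0; i < acl->n; i++) {
        int bits = acl->entries[i].bits;
        if (bits < 0 || bits > 32 ||
            inet_pton(AF_INET, acl->entries[i].net, &net) != 1)
            continue;                   /* malformed entry never matches */
        uint32_t mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
        if (((ntohl(s.s_addr) ^ ntohl(net.s_addr)) & mask) == 0)
            return 1;
    }
    return 0;                           /* list configured, no match: reject */
}

int main(void)
{
    printf("UDP 192.0.2.55  -> %d\n", sender_permitted(&udp_acl, "192.0.2.55"));
    printf("UDP 203.0.113.9 -> %d\n", sender_permitted(&udp_acl, "203.0.113.9"));
    printf("TCP 203.0.113.9 -> %d\n", sender_permitted(&tcp_acl, "203.0.113.9"));
    return 0;
}
```

The second case is the regression check that matters for this advisory: a sender outside a configured list must come back rejected.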
ChangeLog for 3.21.8 (beta)
Version 3.21.8 [BETA] (rgerhards), 2008-12-04
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see security advisory)
- bugfix: imklog did not compile on FreeBSD
- merged in all other changes from 3.20.1 (see there)
ChangeLog for 3.20.2 (v3-stable)
Version 3.20.2 [v3-stable] (rgerhards), 2008-12-04
- re-release of 3.20.1 with an additional fix, that could also lead
  to DoS; 3.20.1 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
ChangeLog for 3.21.9 (beta)
Version 3.21.9 [BETA] (rgerhards), 2008-12-04
- re-release of 3.21.8 with an additional fix, that could also lead
  to DoS; 3.21.8 has been removed from the official download archives
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
ChangeLog for 4.1.2 (devel)
Version 4.1.2 [DEVEL] (rgerhards), 2008-12-04
- bugfix: code did not compile without zlib
- security bugfix: $AllowedSender was not honored, all senders were
  permitted instead (see http://www.rsyslog.com/Article322.phtml)
- security fix: imudp emitted a message when a non-permitted sender
  tried to send a message to it. This behaviour is operator-configurable.
  If enabled, a message was emitted each time. That way an attacker could
  effectively fill the disk via this facility. The message is now
  emitted only once in a minute (this currently is a hard-coded limit,
  if someone comes up with a good reason to make it configurable, we
  will probably do that).
- doc bugfix: typo in v3 compatibility document directive syntax
  thanks to Andrej for reporting
- imported other changes from 3.21.8 and 3.20.1 (see there)
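The once-a-minute limit from the imudp security fix listed for 3.20.2, 3.21.9 and 4.1.2, modelled as an added example (not rsyslog's own code): a flood of rejected packets is replayed against the limiter to show how many notices reach the log. The struct, function names and timestamp are constructed; only the 60-second interval comes from the changelog.

```c
#include <stdio.h>
#include <time.h>

#define DENY_MSG_INTERVAL 60    /* seconds; hard-coded, as the changelog states */

/* State for the "sender not permitted" notice (hypothetical model). */
struct deny_notice {
    time_t last_emit;           /* when the last notice was logged */
    int have_emitted;           /* 0 until the first notice */
    unsigned long suppressed;   /* rejected packets that produced no notice */
};

/* Return 1 if a notice should be logged for a rejected packet seen at 'now',
 * 0 if it is suppressed because one was logged less than a minute ago. */
int deny_notice_due(struct deny_notice *st, time_t now)
{
    if (st->have_emitted && now - st->last_emit < DENY_MSG_INTERVAL) {
        st->suppressed++;
        return 0;
    }
    st->last_emit = now;
    st->have_emitted = 1;
    return 1;
}

/* Replay a flood of 'pps' rejected packets per second for 'seconds' seconds
 * and return how many notices would be written to the log. */
unsigned long simulate_flood(unsigned pps, unsigned seconds)
{
    struct deny_notice st = {0};
    unsigned long emitted = 0;
    time_t start = 1228348800;  /* constructed: 2008-12-04 00:00:00 UTC */

    for (unsigned s = 0; s < seconds; s++)
        for (unsigned p = 0; p < pps; p++)
            emitted += (unsigned long)deny_notice_due(&st, start + s);
    return emitted;
}

int main(void)
{
    /* Before the fix every one of these 180000 packets produced a log line. */
    printf("notices logged: %lu\n", simulate_flood(1000, 180));
    return 0;
}
```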
ChangeLog for 4.0.1 (devel)
Version 4.1.0 [DEVEL] (rgerhards), 2008-11-18
********************************* WARNING *********************************
This version has a slightly different on-disk format for message entries.
As a consequence, old queue files being read by this version may have
an invalid output timestamp, which could result in some malfunction
inside the output driver. It is recommended to drain queues with the
previous version before switching to this one.
********************************* WARNING *********************************
- greatly enhanced performance when compared to v3.
- added configuration directive “HUPisRestart”, which makes it possible to
  configure HUP to be either a full restart or “just” a lightweight way to
  close open files.
- enhanced legacy syslog parser to detect year if part of the timestamp;
  the format is based on what Cisco devices seem to emit.
- added a setting “$OptimizeForUniprocessor” to enable users to turn off
  pthread_yield calls which are counter-productive on multiprocessor
  machines (but have been shown to be useful on uniprocessors)
- reordered imudp processing. Message parsing is now done as part of main
  message queue worker processing (was part of the input thread)
  This should also improve performance, as potentially more work is
  done in parallel.
- bugfix: compressed syslog messages could be slightly mis-uncompressed
  if the last byte of the compressed record was a NUL
- added $UDPServerTimeRequery option, which makes it possible to work with
  less accurate timestamps in favor of performance. This enables querying
  of the time only every n-th time if imudp is running in the tight
  receive loop (aka receiving messages at a high rate)
- doc bugfix: queue doc had wrong parameter name for setting controlling
  worker thread shutdown period
- restructured rsyslog.conf documentation
- bugfix: memory leak in ompgsql
  Thanks to Ken for providing the patch
ChangeLog for 3.21.7 (beta)
Version 3.21.7 [BETA] (rgerhards), 2008-11-11
- this is the new beta branch, based on the former 3.21.6 devel
- new functionality: ZERO property replacer nomatch option (from v3-stable)
ChangeLog for 4.1.1 (devel)
Version 4.1.1 [DEVEL] (rgerhards), 2008-11-26
- added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID,
  $PrivDropToUserID config directives to enable dropping privileges.
  This is an effort to provide a security enhancement. For the limits of this
  approach, see http://wiki.rsyslog.com/index.php/Security
- re-enabled imklog to compile on FreeBSD (brought in from beta)
ChangeLog for 3.20.0 (v3-stable)
Version 3.20.0 [v3-stable] (rgerhards), 2008-11-05
- this is the initial release of the 3.19.x branch as a stable release
- bugfix: double-free in ptcp netstream driver. Thanks to varmojfeko
  for the patch
ChangeLog for 3.21.6 (devel)
Version 3.21.6 [DEVEL] (rgerhards), 2008-10-22
- consolidated time calls during msg object creation, improves performance
  and consistency
- bugfix: solved a segfault condition
- bugfix: subsecond time properties generated by imfile, imklog and
  internal messages could be slightly inconsistent
- added capability to support multiple module search paths. Thanks
  to Marius Tomaschewski for providing the patch.
- bugfix: im3195 no longer compiled
- merged-in fixes from stable and beta releases