<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello Marko, <br>
<br>
You are right that we use syslog. For reference, the network flows
are displayed here:
<a class="moz-txt-link-freetext" href="https://docs.rudder.io/reference/5.0/architecture_and_dependencies.html#_network_architecture_in_client_server_mode">https://docs.rudder.io/reference/5.0/architecture_and_dependencies.html#_network_architecture_in_client_server_mode</a><br>
<br>
The inventory (ie the node information about hardware, software,
etc) is sent by HTTPS.<br>
The policy configuration files transport (ie where you will most
likely have sensitive data) uses a dedicated protocol which uses
TLS. <br>
What you see on syslog are the run execution logs which are sent
back to Rudder policy server for compliance computing, and should
not contain sensitive data - but of course, you may want to also
hide that information. In that case, you can configure syslog to
be encrypted. That comes with some requirements though: you will
need rsyslog on nodes, and you will need to use syslog on tcp. But
we don't provide that configuration by default, because syslog is
generally subject to company-wide rules, so we try to just plug on
the existing configuration. <br>
<br>
As we are aware that the user should not have to even wonder about
these things, we are currently working on a new protocol for
agent-server communication (TLS-based). In the end, it will
encapsulate all server-node exchanges, and the first one to be
replaced will be syslog, targeted for 5.1 (beginning of 2019). <br>
<br>
Hope it helps, and please ask if you have any other questions or
if you need more information!<br>
<br>
On 16/10/2018 20:23, Marko Winkler wrote:<br>
</div>
<blockquote type="cite"
cite="mid:81771e85-2a13-8c61-3f21-bc1c02db7ecc@gmail.com">
<pre class="moz-quote-pre" wrap="">Hi all,
currently, I've set up a small rudder environment (server in version 5.0
and agents in version 4.3) for testing purposes using the simple
installation guide provided by the official documentation.
During the tests, I noticed that the node sends the inventory data using
the syslog protocol. However, a tcpdump on the network interface shows
that the data is sent in plaintext. Did I miss setting up any further
security configuration? A review of the documentation didn't help:
<a class="moz-txt-link-freetext" href="https://docs.rudder.io/history/4.3/_security_considerations.html#_inventory">https://docs.rudder.io/history/4.3/_security_considerations.html#_inventory</a>
Is it possible to encrypt all data which will be passed between the rudder
components? I am pleased about feedback.
Bests,
Marko
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<style type="text/css"><!--
a.redlink:link { color: #1782E6; text-decoration: none; }
a.redlink:visited { color: #1782E6; text-decoration: none; }
.sig { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: small; }
.sigsmall { font-family: 'Century Gothic', CenturyGothic, AppleGothic, sans-serif; font-size: x-small; }
--></style>
<br>
<br>
<table width="380" cellspacing="2" cellpadding="0" border="0">
<tbody>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><b><img alt=""
src="cid:part1.578CA3A2.8BA92A93@normation.com"
width="50" hspace="10" height="50" align="left"> <span
class="sig">François ARMAND</span></b><br>
<span class="sig"><i>Co-founder &amp; CTO</i></span><br>
<span class="sig"><a class="redlink"
href="http://www.normation.com">Normation</a></span> </td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
<tr>
<td colspan="2"><span class="sigsmall"><b>87 rue de Turbigo,
75003 Paris, France</b></span></td>
</tr>
<tr>
<td><span class="sigsmall">Telephone:</span></td>
<td><span class="sigsmall">+33 (0)1 83 62 99 23</span></td>
</tr>
<tr>
<td><span class="sigsmall">Mobile:</span></td>
<td><span class="sigsmall">+33 (0)6 63 37 60 55</span></td>
</tr>
<tr>
<td colspan="2">
<hr></td>
</tr>
</tbody>
</table>
</div>
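<div>The reply above says the run logs can be encrypted if the nodes run rsyslog and forward over TCP. The following is an added example of a generic rsyslog TLS forwarding setup, not part of the original message and not Rudder's own configuration. The hostname, certificate paths, file names and port 6514 are assumptions, and the gtls driver requires rsyslog's GnuTLS module to be installed.</div>

```conf
# --- Node side (assumed file: /etc/rsyslog.d/tls-forward.conf) ---
# Use the GnuTLS network stream driver and trust the CA that signed
# the server certificate (path is an assumption).
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
)

# Forward over TCP with TLS required (StreamDriverMode="1").
# x509/name makes the node check the server certificate name, so a
# host presenting another certificate is rejected.
action(
    type="omfwd"
    target="policy-server.example.com"   # placeholder hostname
    port="6514"                          # assumed syslog-over-TLS port
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="policy-server.example.com"
)

# --- Server side (assumed file: /etc/rsyslog.d/tls-listen.conf) ---
# The server needs its own certificate and private key.
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/server-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/server-key.pem"
)

# TLS-only TCP listener. AuthMode "anon" encrypts the channel without
# authenticating nodes; switch to x509/name with PermittedPeer to
# accept only nodes holding a certificate from the same CA.
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"
    StreamDriver.AuthMode="anon"
)
input(type="imtcp" port="6514")
```

<div>After reloading rsyslog on both sides, a new tcpdump on the node should show a TLS handshake on the chosen port instead of readable log lines.</div>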
</body>
</html>