Logstash security


Problem description

I am wondering, is it possible to implement something like two-way handshake authorization between logstash and logstash-forwarder?

At the moment, I know that logstash provides SSL certificates for security, but I am not sure that this is the best way to protect my log flow.

Let's say you are a bad guy and you somehow copied my SSL certificate, so you can send logs to my server and make the operator confused and worried. The operator will start to panic, try to troubleshoot something, and finally go mad.

I am really worried about the operator's health, so maybe someone knows a way to get better protection here?

Solution

Well, it seems like I was looking for mutual authentication between LSF (or Filebeat) and Logstash.

Here is what I found: there is an open issue, and while it is open, the problem is not solved.

Here is some discussion on this topic:

Filebeat has the same support as logstash-forwarder used to have, plus some more fine-grained TLS configs (e.g. choose TLS version or configure ciphers). The connection can be encrypted via TLS, and the server certificate is validated. Filebeat itself supports TLS client-auth, BUT logstash must enforce (ask for certificate) client authentication, which is not implemented yet (see github issue).
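What "must enforce (ask for certificate) client authentication" means at the TLS layer, as an added example that is not part of the original answer and is not Logstash or Filebeat code: a Go listener stands in for the log receiver and is run once with server-only authentication and once requiring a client certificate. The CA, the host name `logstash.example`, the shipper name `shipper-01` and all function names are assumptions made up for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue returns a throwaway P-256 certificate for cn, signed by `by` (a self-signed root when by is nil).
func issue(cn string, by *tls.Certificate) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, IsCA: by == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	parent, signer := t, key
	if by != nil {
		parent, signer = by.Leaf, by.PrivateKey.(*ecdsa.PrivateKey)
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

var demoCA = issue("demo-ca", nil) // constructed demo PKI; every name here is hypothetical
var serverCert, shipperCert = issue("logstash.example", &demoCA), issue("shipper-01", &demoCA)

// serverAccepts does one TLS handshake over loopback and reports whether the listener accepted the sender.
func serverAccepts(auth tls.ClientAuthType, clientCerts ...tls.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(demoCA.Leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{serverCert}, ClientCAs: pool, ClientAuth: auth}
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "logstash.example", Certificates: clientCerts}
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	cc, _ := net.Dial("tcp", ln.Addr().String())
	conn, _ := ln.Accept()
	defer func() { ln.Close(); cc.Close(); conn.Close() }()
	go tls.Client(cc, cliCfg).Handshake() // sender side; it validates the server against demoCA
	return tls.Server(conn, srvCfg).Handshake() == nil
}

func main() {
	fmt.Println(serverAccepts(tls.NoClientCert), serverAccepts(tls.RequireAndVerifyClientCert), serverAccepts(tls.RequireAndVerifyClientCert, shipperCert))
}
```

With `tls.NoClientCert` the listener accepts any sender that trusts its certificate. With `tls.RequireAndVerifyClientCert` a sender is accepted only if it holds a private key for a certificate issued by the trusted CA.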
