Feature #24506: filter out some RSA private keys which are logged by some /api/v2 requests - Katello - Foreman

Actions

Copy link

Feature #24506

open

filter out some RSA private keys which are logged by some /api/v2 requests

Added by Anonymous almost 7 years ago. Updated 8 months ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Katello 3.7.0

Red Hat JIRA:

Description

RSA private keys are written in /var/log/foreman/production.log which have a 644 default mode.


2018-08-01T07:51:30 [I|kat|] GET: https://foremanproxy01.mycompany.com/pulp/api/v2/repositories/f8a653cb-30f3-4a0e-8077-2c5398dfcddb/?details=true: {"content_type"=>"application/json", "accept"=>
"application/json"}
Response: 200: {"........

The JSON data sent as response to this GET request contains certificate and private key.
Maybe private keys should not be logged, or at a higher level. If I m not wrong, it s the "information" level but the answer payload is fully dumped in log file.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Plugins » Katello

Custom queries

Feature #24506

filter out some RSA private keys which are logged by some /api/v2 requests

Updated by Jonathon Turel almost 7 years ago

Updated by Zach Huntington-Meath over 6 years ago

Updated by Ian Ballou 8 months ago