From f68675ee988b39bf6552fa0f1c6d4c893b513a12 Mon Sep 17 00:00:00 2001 From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com> Date: Wed, 25 Sep 2019 17:06:29 -0400 Subject: [PATCH 1/2] Fix/rtd submodules (#94) Exclude submodules --- .readthedocs.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .readthedocs.yml diff --git a/.readthedocs.yml b/.readthedocs.yml new file mode 100644 index 0000000..2880d22 --- /dev/null +++ b/.readthedocs.yml @@ -0,0 +1,12 @@ +version: 2 + +# Build documentation with MkDocs +mkdocs: + configuration: mkdocs.yml + +# Optionally build your docs in additional formats such as PDF and ePub + +formats: all + +submodules: + exclude: all \ No newline at end of file From 59c00503b4810be0803977b33c431403d7a4ad0a Mon Sep 17 00:00:00 2001 From: Ryan Faircloth <35384120+rfaircloth-splunk@users.noreply.github.com> Date: Fri, 27 Sep 2019 19:04:28 -0400 Subject: [PATCH 2/2] Feature/support tls listeners (#96) Add support for TLS listeners --- docker-compose.yml | 12 +++-- docs/Configuration.md | 9 ---- docs/configuration.md | 41 +++++++++++++++ docs/gettingstarted/docker-swarm-general.md | 25 ++++----- docs/gettingstarted/docker-swarm-rhel7.md | 25 +++++---- docs/gettingstarted/docker-systemd-general.md | 17 +++--- docs/gettingstarted/podman-systemd-general.md | 15 +++--- docs/troubleshooting.md | 17 ++++++ mkdocs.yml | 3 +- package/Dockerfile | 2 +- package/etc/conf.d/sources/network.conf.tmpl | 24 +++++++++ package/etc/templates/source_network.t | 22 ++++++++ package/sbin/entrypoint.sh | 1 + tls/server.key | 52 +++++++++++++++++++ tls/server.pem | 32 ++++++++++++ 15 files changed, 244 insertions(+), 53 deletions(-) delete mode 100644 docs/Configuration.md create mode 100644 docs/configuration.md create mode 100644 tls/server.key create mode 100644 tls/server.pem diff --git a/docker-compose.yml b/docker-compose.yml index c637ff6..a1fc681 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,11 +30,12 @@ services: RH_ACTIVATION: ${RH_ACTIVATION} hostname: sc4s ports: - - "514" - - "601" - - "514/udp" + - "514:514" + - "601:601" + - "514:514/udp" - "5000" - - "5000/udp" + - "5000:5000/udp" + - "6514:6514" stdin_open: true tty: true links: @@ -46,8 +47,11 @@ services: - SPLUNK_CONNECT_METHOD=${SPLUNK_CONNECT_METHOD} - SPLUNK_DEFAULT_INDEX=${SPLUNK_DEFAULT_INDEX} - SPLUNK_METRICS_INDEX=${SPLUNK_DEFAULT_INDEX} + - SC4S_SOURCE_TLS_ENABLE=yes - SC4S_DEST_SPLUNK_HEC_TLS_VERIFY=no - SC4S_LISTEN_JUNIPER_NETSCREEN_TCP_PORT=5000 + volumes: + - ./tls:/opt/syslog-ng/tls splunk: image: splunk/splunk:latest hostname: splunk diff --git a/docs/Configuration.md b/docs/Configuration.md deleted file mode 100644 index c8380d1..0000000 --- a/docs/Configuration.md +++ /dev/null @@ -1,9 +0,0 @@ - -| Variable | Values | Description | -|----------|---------------|-------------| -| SPLUNK_HEC_URL | url | URL(s) of the Splunk endpoint, can be a single URL space seperated list | -| SPLUNK_HEC_TOKEN | string | Splunk HTTP Event Collector Token | -| SC4S_DEST_SPLUNK_HEC_TLS_VERIFY | yes(default) or no | verify HTTP(s) certificate | -| SC4S_DEST_SPLUNK_HEC_CIPHER_SUITE | comma separated list | Open SSL cipher suite list | -| SC4S_DEST_SPLUNK_HEC_SSL_VERSION | comma separated list | Open SSL version list | -| SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE | path | Custom trusted cert file | diff --git a/docs/configuration.md b/docs/configuration.md new file mode 100644 index 0000000..f314f89 --- /dev/null +++ b/docs/configuration.md @@ -0,0 +1,41 @@ +# Global Configuration + +| Variable | Values | Description | +|----------|---------------|-------------| +| SPLUNK_HEC_URL | url | URL(s) of the Splunk endpoint, can be a single URL space seperated list | +| SPLUNK_HEC_TOKEN | string | Splunk HTTP Event Collector Token | + + +# Splunk HEC destination Configuration + +| Variable | Values | Description | +|----------|---------------|-------------| +| SC4S_DEST_SPLUNK_HEC_TLS_VERIFY | yes(default) or no | verify HTTP(s) certificate | +| SC4S_DEST_SPLUNK_HEC_CIPHER_SUITE | comma separated list | Open SSL cipher suite list | +| SC4S_DEST_SPLUNK_HEC_SSL_VERSION | comma separated list | Open SSL version list | +| SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE | path | Custom trusted cert file | + +# Syslog Source Configuration + +| Variable | Values/Default | Description | +|----------|----------------|-------------| +| SC4S_SOURCE_TLS_ENABLE | no(default) or yes | Enable a TLS listener on port 6514 | +| SC4S_SOURCE_TLS_OPTIONS | See openssl | List of SSl/TLS protocol versions to support | +| SC4S_SOURCE_TLS_CIPHER_SUITE | See openssl | List of Ciphers to support | +| SC4S_SOURCE_TCP_MAX_CONNECTIONS | 2000 | Max number of TCP Connections | +| SC4S_SOURCE_TCP_IW_SIZE | 20000000 | Initial Window size | +| SC4S_SOURCE_TCP_FETCH_LIMIT | 2000 | Number of events to fetch from server buffer at once | +| SC4S_SOURCE_UDP_SO_RCVBUFF | 425984 | UDP server buffer size in bytes | + + +# Syslog Source TLS Certificate Configuration + +* Create a folder ``/opt/sc4s/tls`` +* Save the server private key in PEM format with NO PASSWORD to ``/opt/sc4s/tls/server.key`` +* Save the server certificate in PEM format to ``/opt/sc4s/tls/server.pem`` +* Add the following line to ``/opt/sc4s/default/env_file`` + +```dotenv +SC4S_SOURCE_TLS_ENABLE=yes +``` + diff --git a/docs/gettingstarted/docker-swarm-general.md b/docs/gettingstarted/docker-swarm-general.md index b5e7306..3928114 100644 --- a/docs/gettingstarted/docker-swarm-general.md +++ b/docs/gettingstarted/docker-swarm-general.md @@ -28,11 +28,11 @@ services: env_file: - /opt/sc4s/env_file volumes: -#Uncomment the following line if overriding index destinations -# - ./context-local/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv -#Uncomment the following lines if using a host or network based filter and log_path -# - ./context-local/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv -# - ./context-local/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf + - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv + - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv + - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf +#Uncomment the following line if custom TLS certs are provided + - /opt/sc4s/tls:/opt/syslog-ng/tls ``` @@ -55,7 +55,7 @@ SPLUNK_METRICS_INDEX=em_metrics Log paths are preconfigured to utilize a convention of index destinations that is suitable for most customers. This step is optional to allow customization of index destinations. -* Create a subdirectory called ``context-local`` in the directory (e.g. ``/opt/scs/``) created in the first step above. From this directory, +* Create a subdirectory called ``default`` in the directory (e.g. ``/opt/sc4s/``) created in the first step above. From this directory, execute the command below to download the index context file: ```bash @@ -68,7 +68,7 @@ sudo wget https://raw.githubusercontent.com/splunk/splunk-connect-for-syslog/mas Legacy sources and non-standard-compliant source require configuration by source IP or hostname as included in the event. The following steps apply to support such sources. To identify sources which require this step refer to the "sources" section of this documentation. -* If not already done in the step immediately above, create a subdirectory called ``context-local`` in the directory (e.g. ``/opt/sc4s/``) +* If not already done in the step immediately above, create a subdirectory called ``default`` in the directory (e.g. ``/opt/sc4s/``) created in the first step above. From this directory, execute the commands below to download the vendor context files: ```bash @@ -130,11 +130,12 @@ services: env_file: - /opt/sc4s/env_file volumes: -#Uncomment the following line if overriding index destinations -# - ./sc4s-juniper/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv -#Uncomment the following lines if using a host or network based filter and log_path -# - ./sc4s-juniper/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv -# - ./sc4s-juniper/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf + - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv + - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv + - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf +#Uncomment the following line if custom TLS certs are provided + - /opt/sc4s/tls:/opt/syslog-ng/tls + ``` * Modify the following file ``/opt/sc4s/default/env_file`` after including the port-specific environment variable(s). diff --git a/docs/gettingstarted/docker-swarm-rhel7.md b/docs/gettingstarted/docker-swarm-rhel7.md index f837969..a9dbcc8 100644 --- a/docs/gettingstarted/docker-swarm-rhel7.md +++ b/docs/gettingstarted/docker-swarm-rhel7.md @@ -56,12 +56,11 @@ services: env_file: - /opt/sc4s/env_file volumes: -#Uncomment the following line if overriding index destinations -# - ./context-local/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv -#Uncomment the following lines if using a host or network based filter and log_path -# - ./context-local/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv -# - ./context-local/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf - + - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv + - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv + - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf +#Uncomment the following line if custom TLS certs are provided + - /opt/sc4s/tls:/opt/syslog-ng/tls ``` ## Configure the SC4S environment @@ -84,7 +83,7 @@ SPLUNK_METRICS_INDEX=em_metrics Log paths are preconfigured to utilize a convention of index destinations that is suitable for most customers. This step is optional to allow customization of index destinations. -* Create a subdirectory called ``context-local`` in the directory (e.g. ``/opt/sc4s/``) created in the first step above. From this directory, +* Create a subdirectory called ``default`` in the directory (e.g. ``/opt/sc4s/``) created in the first step above. From this directory, execute the command below to download the index context file: ```bash @@ -97,7 +96,7 @@ sudo wget https://raw.githubusercontent.com/splunk/splunk-connect-for-syslog/mas Legacy sources and non-standard-compliant sources require configuration by source IP or hostname as included in the event. The following steps apply to support such sources. To identify sources which require this step refer to the "sources" section of this documentation. -* If not already done in the step immediately above, create a subdirectory called ``context-local`` in the directory (e.g. ``/opt/sc4s/``) +* If not already done in the step immediately above, create a subdirectory called ``default`` in the directory (e.g. ``/opt/sc4s/``) created in the first step above. From this directory, execute the commands below to download the vendor context files: ```bash @@ -158,11 +157,11 @@ services: env_file: - /opt/sc4s/env_file volumes: -#Uncomment the following line if overriding index destinations -# - ./sc4s-juniper/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv -#Uncomment the following lines if using a host or network based filter and log_path -# - ./sc4s-juniper/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv -# - ./sc4s-juniper/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf + - /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv + - /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv + - /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf +#Uncomment the following line if custom TLS certs are provided + - /opt/sc4s/tls:/opt/syslog-ng/tls ``` * Modify the following file ``/opt/sc4s/default/env_file`` diff --git a/docs/gettingstarted/docker-systemd-general.md b/docs/gettingstarted/docker-systemd-general.md index 5eed75d..9a683dd 100644 --- a/docs/gettingstarted/docker-systemd-general.md +++ b/docs/gettingstarted/docker-systemd-general.md @@ -22,9 +22,10 @@ Environment="SC4S_IMAGE=splunk/sc4s:latest" #Note Uncomment this line to use custom index names AND download the splunk_index.csv file template per getting started Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/syslog-ng/etc/context-local/splunk_index.csv" -#Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started -#Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" -#Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" +Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" +Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" +#Uncomment the following line if custom TLS certs are provided +#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always @@ -32,12 +33,12 @@ Restart=always ExecStartPre=/usr/bin/docker pull $SC4S_IMAGE ExecStartPre=/usr/bin/docker run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s ExecStart=/usr/bin/docker run -p 514:514 \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S \ --rm \ $SC4S_IMAGE @@ -122,18 +123,20 @@ Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/s #Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started #Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" #Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" +#Uncomment the following line if custom TLS certs are provided +#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always ExecStartPre=/usr/bin/docker pull $SC4S_IMAGE ExecStartPre=/usr/bin/docker run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s ExecStart=/usr/bin/docker run -p 514:514 -p 5000-5020:5000-5020 \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S \ --rm \ $SC4S_IMAGE diff --git a/docs/gettingstarted/podman-systemd-general.md b/docs/gettingstarted/podman-systemd-general.md index edfe47c..0ddb896 100644 --- a/docs/gettingstarted/podman-systemd-general.md +++ b/docs/gettingstarted/podman-systemd-general.md @@ -25,20 +25,21 @@ Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/s #Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started #Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" #Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" +#Uncomment the following line if custom TLS certs are provided +#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE ExecStartPre=/usr/bin/podman run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s ExecStart=/usr/bin/podman run -p 514:514 \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ - --name SC4S \ - --rm \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ + --name SC4S --rm \ $SC4S_IMAGE ``` @@ -121,18 +122,20 @@ Environment="SC4S_UNIT_SPLUNK_INDEX=-v /opt/sc4s/default/splunk_index.csv:/opt/s #Note Uncomment the following two linese for host and ip based source type mapping AND download the two file templates per getting started #Environment="SC4S_UNIT_VP_CSV=-v /opt/sc4s/default/vendor_product_by_source.csv:/opt/syslog-ng/etc/context-local/vendor_product_by_source.csv" #Environment="SC4S_UNIT_VP_CONF=-v /opt/sc4s/default/vendor_product_by_source.conf:/opt/syslog-ng/etc/context-local/vendor_product_by_source.conf" +#Uncomment the following line if custom TLS certs are provided +#Environment="SC4S_TLS_DIR=-v /opt/sc4s/tls:/opt/syslog-ng/tls" TimeoutStartSec=0 Restart=always ExecStartPre=/usr/bin/podman pull $SC4S_IMAGE ExecStartPre=/usr/bin/podman run \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S_preflight --rm \ $SC4S_IMAGE -s ExecStart=/usr/bin/podman run -p 514:514 -p 5000-5020:5000-5020 \ --env-file=/opt/sc4s/default/env_file \ - "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" \ + "$SC4S_UNIT_SPLUNK_INDEX" "$SC4S_UNIT_VP_CSV" "$SC4S_UNIT_VP_CONF" "$SC4S_TLS_DIR" \ --name SC4S \ --rm \ $SC4S_IMAGE diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index ff2258a..1a78b38 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -1,5 +1,22 @@ #Troubleshooting +## General + + +### Verification of TLS Server + +To verify the correct configuration of the TLS server use the following command. Replace the IP, FQDN, and port as appropriate + +* Docker +``` +docker run -ti drwetter/testssl.sh --severity MEDIUM --ip 127.0.0.1 selfsigned.example.com:6510 +``` + +* Podman +``` +podman run -ti drwetter/testssl.sh --severity MEDIUM --ip 127.0.0.1 selfsigned.example.com:6510 +``` + ## Syslog-ng Metrics ## Syslog-NG Events diff --git a/mkdocs.yml b/mkdocs.yml index 38dddfb..3e07a94 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -4,5 +4,6 @@ nav: - Home: 'index.md' - Performance: 'performance.md' - Getting Started: 'gettingstarted.md' + - Configuration: 'configuration.md' - Sources: 'sources.md' - - Troubleshooting: 'troubleshooting.md' \ No newline at end of file + - Troubleshooting: 'troubleshooting.md' diff --git a/package/Dockerfile b/package/Dockerfile index 3144c60..a5f67cc 100644 --- a/package/Dockerfile +++ b/package/Dockerfile @@ -67,7 +67,7 @@ RUN cd /tmp ;\ rm epel-release-latest-7.noarch.rpm ;\ rpm --import https://packages.confluent.io/rpm/5.2/archive.key ;\ yum install gcc tzdata libdbi libsecret libxml2 sqlite tcp_wrappers librdkafka \ - rh-python36 rh-python36-python-tools libcurl ivykis scl-utils tcp_wrappers-libs curl wget -y;\ + rh-python36 rh-python36-python-tools libcurl ivykis scl-utils tcp_wrappers-libs curl wget openssl -y;\ echo source scl_source enable rh-python36 >>/etc/profile.d/enablepython36.sh ;\ source scl_source enable rh-python36 diff --git a/package/etc/conf.d/sources/network.conf.tmpl b/package/etc/conf.d/sources/network.conf.tmpl index 9a20741..8c79a0a 100644 --- a/package/etc/conf.d/sources/network.conf.tmpl +++ b/package/etc/conf.d/sources/network.conf.tmpl @@ -39,6 +39,30 @@ source s_default-ports { chain-hostnames(off) flags(no-parse) ); + + {{- if eq (getenv "SC4S_SOURCE_TLS_ENABLE") "yes"}} + network( + port(6514) + transport("tls") + ip-protocol(4) + max-connections({{getenv "SC4S_SOURCE_TCP_MAX_CONNECTIONS" "2000"}}) + log-iw-size({{getenv "SC4S_SOURCE_TCP_IW_SIZE" "20000000"}}) + log-fetch-limit({{getenv "SC4S_SOURCE_TCP_FETCH_LIMIT" "2000"}}) + keep-hostname(yes) + keep-timestamp(yes) + use-dns(no) + use-fqdn(no) + chain-hostnames(off) + flags(no-parse) + tls(allow-compress(yes) + key-file("/opt/syslog-ng/tls/server.key") + cert-file("/opt/syslog-ng/tls/server.pem") + ssl-options({{- getenv "SC4S_SOURCE_TLS_OPTIONS" "no-sslv2, no-sslv3, no-tlsv1, no_tls1_1" }}) + cipher-suite("{{- getenv "SC4S_SOURCE_TLS_CIPHER_SUITE" "HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH" }}") + ) + ); + + {{- end }} }; #TODO: #60 Remove this function with enhancement rewrite(set_rfcnonconformant); diff --git a/package/etc/templates/source_network.t b/package/etc/templates/source_network.t index 022c929..2275bc2 100644 --- a/package/etc/templates/source_network.t +++ b/package/etc/templates/source_network.t @@ -33,6 +33,28 @@ source s_dedicated_port_{{ .port_id}} { chain-hostnames(off) flags(no-parse) ); +{{- end}} +{{- if ne (getenv (print "SC4S_LISTEN_" .port_id "_TLS_PORT") "no") "no" }} + network( + port({{getenv (print "SC4S_LISTEN_" .port_id "_TLS_PORT") }}) + transport("tls") + ip-protocol(4) + max-connections({{getenv "SC4S_SOURCE_TCP_MAX_CONNECTIONS" "2000"}}) + log-iw-size({{getenv "SC4S_SOURCE_TCP_IW_SIZE" "20000000"}}) + log-fetch-limit({{getenv "SC4S_SOURCE_TCP_FETCH_LIMIT" "2000"}}) + keep-hostname(yes) + keep-timestamp(yes) + use-dns(no) + use-fqdn(no) + chain-hostnames(off) + flags(no-parse) + tls(allow-compress(yes) + key-file("/opt/syslog-ng/tls/server.key") + cert-file("/opt/syslog-ng/tls/server.pem") + ssl-options({{- getenv "SC4S_SOURCE_TLS_OPTIONS" "no-sslv2, no-sslv3, no-tlsv1, no_tls1_1" }}) + cipher-suite("{{- getenv "SC4S_SOURCE_TLS_CIPHER_SUITE" "HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH" }}") + ) + ); {{- end}} }; #TODO: #60 Remove this function with enhancement diff --git a/package/sbin/entrypoint.sh b/package/sbin/entrypoint.sh index fe238e8..d100fc0 100755 --- a/package/sbin/entrypoint.sh +++ b/package/sbin/entrypoint.sh @@ -12,4 +12,5 @@ do --output-map="$d/{{ .in | strings.ReplaceAll \".conf.tmpl\" \".conf\" }}" done +echo syslog-ng started exec /opt/syslog-ng/sbin/syslog-ng $@ \ No newline at end of file diff --git a/tls/server.key b/tls/server.key new file mode 100644 index 0000000..9315308 --- /dev/null +++ b/tls/server.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDaA65ESMgb2hV4 +YOpdOzIv9gzE1yEvOCnXKwYnoX7wgJuSkIBjr4WfY6s+3tT8aBhdiwTkNhwX1JUp +birwiAUfVwHFP/ASach+Q4QeLqzM4xWX6pGPj2ZPY8B6rOOtBRCPIJ8EW1BIsY6T +cG09UUym6G/Lm25jta6YwOnXJDt42wkxeL1J4vZzanNypcoN53mUvb70JKkX2TN0 +up2sWTDENNJQVKThCUA0gjM1dck4V63lcluSe68HNXVUfbkH4ZphloBC2nFQrWPb +UmSV3vMLzT5SYRcVpCBpPSStflVhGZ4LWwe1WbxPAVYF3J1TyglfuJlUF7hJETct +7BjXaS0zxk06LvHLEWNR5Z2XQxTTlndpslhWiTmQ/RSOdtrq2bOKjvhBuuR3XoZg +phlo4zy6pawSKifZf4B7uAT505VaN6yFQPJbifLeJfts8/8mQLN4meooZqAFMJNF +q+WtvGTh3FcGiu025GvDPyx2b5bvoCmuEB1OcAGI9oXjg7IXBsakYksy9eRPSzVd +TxdSxr25PKqI4SDR4+NIo4GsR+Gghy9EQiY2O9vZaICE0U1oQrDEc4B7f9XCW2rt +Z4ZdygTCsk3ZAVKL2T2VrMcUqE4o4megReOPLuucQZmBx9ARfLv/F/rM4vDlLZzG +6Kzse8ixnSwKRY+HQ6WlJtcICzmq1QIDAQABAoICAQClV1tH8EbLULctx5qWwHlM +hHekpV9Gd3rL85ZEYidqcK8MFck5UPmvKyDJmqe/EZdBAljgVuUxcYj6ldG8//ua +jBsMpHQHEvD6SWwek9l7vdE3mK9ySBgYp5dnsk0tgATR97SB0lrt9rMhwIcolMrk +Xq3CpguvVS+oK85s2s671qp/OYmdSqMMXzRVQ8UcjGvZ0ZnLgS44pwJuScWg2zev +5juGrtsozCJEcGYz6jOEJoL826D1VBYnCnUEciDtCD1UO5bknNSJkiaERFWCkEaV +sb/NLFMcl4/5IGT7qy9HZ+1DwXL0J6034dSCt5Ed5cD8Nn0amK6rw4Gssz0XyW18 +SlfaC21HF4TFoENXVO8tJnZjZ+SOt5u+kQPUQZGjZUp01iEXD4Wkw+YBzvBaZF1C +FRqf3NBgnBUftzfjekQnJQJiXc3ImmqaNQ1KrWY117HCTjCh3BtLukKhbMcKmELP +9xt0T/RWY7SxRF7mwwWiTQYSN1svmt7Xo6yQkNfI3A8Z34w46YsnfVYP3ih3PnIb +FRHD1X5KsXu6Czc2dMzPgIXoujcCsZGG0BgoR4JHUN4+mEDJ0F2jv/3yomhoI4cE +0qXtXkwWmC+yIGIt9ZvtPmAUrBoROlbyQ+dX+nrJfEGPedCVOIHWcIqK+AzX9TpH +UD3/l0q4SFhhstUlOsqygQKCAQEA/oM+ViBUKL9blQKAqMQF7epfqXNLnQPzf84p +2KN8/Lqovh4y2CzE9D1jOeRoZ58MzQbgEAsfJWY/6N1VhxdMD6Jv5r2uEdjVScrj +aSSWvKfR2Qr1TpVIcSuB03Qt30c3v8hkp+ehV6RNX7skIkTkZJT+GBLYASx/+LRY +0gJciXd2nDXCzifS2nun0wzBVL1KILKArkerkIBK0pxTAjuusRY2yvA6GZNHz17n +0niv5F3IcmECBACv2zRa3216RebPq3ao/CihSxCnikej+XnOBCdb2iptrV1ddcx+ +7mHEvjm8kGROAJ97t5KsT4lFjpLbPRxR8hiCHZnsUhxXNar7dQKCAQEA20nVwcHh +mrfD9RMj86PIvc9QBQLnFYEodsSKPbcspD05hGLt12Xovvo+dvSbgcXPan20zm7s +kWFJgLvjROhQqkpAsuShUA4FLI/i8A2fUs7RVWkCNgHea13LiyQNnzq5FbHEfydR +nQS/XHZRH3kWwFCbB5AMdDpJvKhE0at5wfOTaYmQ8fLB+yuqLtj8iCMcOZiLr9On +Lzjh9OxIedUp7LD/vmyiF+i21sNyuztONCH8AckQC4wJRywBWup+mH3vGor6szcm +DwwKxDmTY4NQ9kbispdvGlOXpQYltE58F+b9zvg7rwx3ZDlBRV2l0E8hElZbK79B +FfOwaJ0qz5fl4QKCAQBB4S8NlCi0s3O9SnyLMtJmFzjT3+g+qHsrJe5nCUqdEKQF +MkPu+QeyQQGiRqFP0Te7CoCNJpPVVnZMjJ5K7ZjeoylcDNU2AW6UP1RGLxZllvsW +t2NwB+xMfvqIBZaqKQEhP3nujGKTERCGKybbSAHmlzp+eMI464/kjKpBEiNp4eZt +4Oyf+Gb37vIuCyswCB9b/1iXxC2ApfS4N4a1GUXKyPk95pjjbeA0qVhQfrTo4+2y +zbF738GleBPdqbTwyyIOPBTZ0JqPl6wGeyzSstjE8nswKbNiILzEdT6V7fDDXKaW +qaAXQTEA/5JitCGxGgpt8xqzE+z6RJGLX5KjbbLRAoIBAQC17vM21sl7WL1uhhvM +1vUEbYyhK8BXOho9N2DORTv3Y4hlysIzdCx+zhWnEdg2+cvVOUgaATOqhkG6Waf8 +EpZiQkqdYUxoo8ktKI+KxHKL/GT27LFV54UGJQJrhVT753eJhTxWlmOC116AsvUp +HIiAtB97TcrXX0iwChdWsWLKRHDoHacw5UyFO7vtND+IH0Eak/JIxVwutI3ba3HS +CsXGxy7XaT+ugHe5hNyadGC0pgFz5cG3Is7LyrmxGV5A3DLVHbtTlwyvbTk9hds/ +s8InIbaRn0whVns5AfmkN32DQzUOUysJV1lywIHjsAeS5SO2GAl6KSoxsUWJ9eN/ +6jFhAoIBACwqqF8W2HTX0DHIFjkMUgPwGO37PpiJYSLMo8oVzjppfxIm9FbMw18S +qXZkacYwwZl8tcglH5snGc9UvNld5vt1a6oqAWSyjuT9Rkf22cq3fwWTJU5GI24J ++xTDzzcnXASXuppb9I3vO8800tyT8xtG0kOUi2IsZWEWoII4HHc6yJP1eloVvmNF +xKqjvo7DAnf2CW/6UwRG51ISWvzLhm8PZxPbUgNMB9aLRN990d4AIHKA6XBsKXpl +uVbL6KNAMnEu3jev/enVd8YKVIr4jXs0sQ6pbr7WZLEhIxqrLWpmYF8pyePYpVyj +Hln7jcXWCxi70rPNoY/UFhuXGtqe44M= +-----END PRIVATE KEY----- diff --git a/tls/server.pem b/tls/server.pem new file mode 100644 index 0000000..09bcdbe --- /dev/null +++ b/tls/server.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFkTCCA3mgAwIBAgIJAIPmqPtsWWuIMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV +BAYTAk5BMQ0wCwYDVQQIDAROb25lMREwDwYDVQQHDAhJbnN0YW5jZTENMAsGA1UE +CgwEU0M0UzEfMB0GA1UEAwwWc2VsZnNpZ25lZC5leGFtcGxlLmNvbTAeFw0xOTA5 +MjcwMDE2NDFaFw0yMDA5MjYwMDE2NDFaMF8xCzAJBgNVBAYTAk5BMQ0wCwYDVQQI +DAROb25lMREwDwYDVQQHDAhJbnN0YW5jZTENMAsGA1UECgwEU0M0UzEfMB0GA1UE +AwwWc2VsZnNpZ25lZC5leGFtcGxlLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBANoDrkRIyBvaFXhg6l07Mi/2DMTXIS84KdcrBiehfvCAm5KQgGOv +hZ9jqz7e1PxoGF2LBOQ2HBfUlSluKvCIBR9XAcU/8BJpyH5DhB4urMzjFZfqkY+P +Zk9jwHqs460FEI8gnwRbUEixjpNwbT1RTKbob8ubbmO1rpjA6dckO3jbCTF4vUni +9nNqc3Klyg3neZS9vvQkqRfZM3S6naxZMMQ00lBUpOEJQDSCMzV1yThXreVyW5J7 +rwc1dVR9uQfhmmGWgELacVCtY9tSZJXe8wvNPlJhFxWkIGk9JK1+VWEZngtbB7VZ +vE8BVgXcnVPKCV+4mVQXuEkRNy3sGNdpLTPGTTou8csRY1HlnZdDFNOWd2myWFaJ +OZD9FI522urZs4qO+EG65HdehmCmGWjjPLqlrBIqJ9l/gHu4BPnTlVo3rIVA8luJ +8t4l+2zz/yZAs3iZ6ihmoAUwk0Wr5a28ZOHcVwaK7Tbka8M/LHZvlu+gKa4QHU5w +AYj2heODshcGxqRiSzL15E9LNV1PF1LGvbk8qojhINHj40ijgaxH4aCHL0RCJjY7 +29logITRTWhCsMRzgHt/1cJbau1nhl3KBMKyTdkBUovZPZWsxxSoTijiZ6BF448u +65xBmYHH0BF8u/8X+szi8OUtnMborOx7yLGdLApFj4dDpaUm1wgLOarVAgMBAAGj +UDBOMB0GA1UdDgQWBBQ1lHUvPVYy4V09TiKABXKKqiXM0zAfBgNVHSMEGDAWgBQ1 +lHUvPVYy4V09TiKABXKKqiXM0zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA +A4ICAQCXRhcKkr5e5CNEx6qe3pHrPkoXbtzqReuQxcdJNOSU+BuJBSGEREtoF1X1 +J5dzXjdiFgB00Cmy3+neIjDVbuxoGNUkbcpHDGxspPiDxFmtiYkAcCIWinvlYItq +K3uVxH+x5BcCEa8ULZa6/tMI6FWjwTMNUR/cUOth1OjBm9PB+RQOAX3csOQeu8AW +TTVzyoG5Gvrg22MOPlS8h87SOAhEKxL/n/KhUNtp5h13DAZzs6f3g/djq7ni6qyY +mx9qR4SoMZCONZlydtKM6xiqlZK+LgVujXMn/Sysiw6c55ShHO561+AgK8Gv5pJo +ZEWNPkZwV+rZ3EN6JxAKwetCCr4UwYCy2DIMK4+eMrrVf0gEOk4wu6D5VLyA5IqA +HJckBJ4JPCFjM8FBO8s48U+5cncs22OoG43wubMVwkkbwX8E7bHxKiep4xIpBC+R +8uNSn8wMmguQisGZX528jhx7sGwxShyioVYxD9iOdTcY4GWIwxpN0QWoTSBRBnwH +ZNVvwE88Vya94rKNiYccmulsbPKKJNYael1izo0jCO8M+EDFe+zuuhP9wp0vyW4g +EvIce6XYY/WK3e0sZxCgEt9FKUatbPEqzEGJUdOxvX4mnbFOo7YR+8kRKb/0bTy5 +QUVw3WjP6EfqgoJVf+QLF2bY600KmB0xM1WXSvDICp5wkDml+A== +-----END CERTIFICATE-----