Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-18 Thread Lennart Poettering
On Thu, 18.08.16 15:55, Mikhail Kasimov (mikhail.kasi...@gmail.com) wrote:

> Hello!
> Personally, don't we have a philosophical contradiction here? -- Journal is
> positioned as a syslog alternative with wider functionality, but in the
> current case we offer to turn off the whole journal to make it function only
> as a transport. No problem, but is an RFE to incorporate an ExcludeMetaData=
> parameter into journald.conf acceptable here?

No, we explicitly never had the goal to be as featureful as rsyslog or
syslog-ng. The journal has a different feature set, and puts a strong
emphasis on structured log events, implicit metadata and indexed
lookups. It's completely OK if people look for a different feature set
and it's easy to install a different logger side-by-side to journald
and it will get all the same data the journal gets.

Quite frankly, I am very much against turning the journal into
something that processes log data at collection time with matches and
regexes and suchlike. If you don't want the journal to collect
metadata, then the journal is probably not the tool you want, but
something else, and in that case turn storage in it off, and just use
it as a multiplexer that collects data from all the various sources
and passes it to the syslog implementation of your choice.

Of course, you'll lose all the journal hook-up in tools like
"systemctl status" if you don't use the journal, but I think that's a
fair deal. 

Lennart

-- 
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-18 Thread Mikhail Kasimov

Ok, thanks for making this aspect more clear!


On 18.08.2016 18:00, Lennart Poettering wrote:

> On Thu, 18.08.16 15:55, Mikhail Kasimov (mikhail.kasi...@gmail.com) wrote:
>
>> Hello!
>> Personally, don't we have a philosophical contradiction here? -- Journal is
>> positioned as a syslog alternative with wider functionality, but in the
>> current case we offer to turn off the whole journal to make it function only
>> as a transport. No problem, but is an RFE to incorporate an ExcludeMetaData=
>> parameter into journald.conf acceptable here?
>
> No, we explicitly never had the goal to be as featureful as rsyslog or
> syslog-ng. The journal has a different feature set, and puts a strong
> emphasis on structured log events, implicit metadata and indexed
> lookups. It's completely OK if people look for a different feature set
> and it's easy to install a different logger side-by-side to journald
> and it will get all the same data the journal gets.
>
> Quite frankly, I am very much against turning the journal into
> something that processes log data at collection time with matches and
> regexes and suchlike. If you don't want the journal to collect
> metadata, then the journal is probably not the tool you want, but
> something else, and in that case turn storage in it off, and just use
> it as a multiplexer that collects data from all the various sources
> and passes it to the syslog implementation of your choice.
>
> Of course, you'll lose all the journal hook-up in tools like
> "systemctl status" if you don't use the journal, but I think that's a
> fair deal.
>
> Lennart





Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-18 Thread Mikhail Kasimov

Hello!
Personally, don't we have a philosophical contradiction here? -- Journal
is positioned as a syslog alternative with wider functionality, but in the
current case we offer to turn off the whole journal to make it function
only as a transport. No problem, but is an RFE to incorporate an
ExcludeMetaData= parameter into journald.conf acceptable here?



Syntax: ExcludeMetaData=[meta[=keyword1,keyword2,...keywordN]]

For the current use case: ExcludeMetaData=_CMDLINE. Or, to make it more
flexible: ExcludeMetaData=_CMDLINE=[keyword1],[keyword2],...[keywordN].


E.g.:
===
ExcludeMetaData=_CMDLINE=pass,password
ExcludeMetaData=_UID=1000,k_mikhail
===

to exclude defined parameters. Or:

===
ExcludeMetaData=_CMDLINE
ExcludeMetaData=_UID
===

to exclude common (whole) metadata.

Acceptable?

On 18.08.2016 14:25, Lennart Poettering wrote:

> On Wed, 17.08.16 12:10, Divya Thaluru (divya.thal...@gmail.com) wrote:
>
>> Hi,
>>
>> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…"
>> for each message. Is there any way we can encrypt metadata (command-line
>> info) so sensitive information won't be stored?
>>
>> If encryption of metadata is not possible, can we disable collecting the
>> metadata?
>
> The journal does not support encryption, and it does not disable
> collecting metadata implicitly. You may however turn off all storage
> by the journal by setting Storage=none in journald.conf. In that mode
> you may optionally connect another syslog daemon to it via
> ForwardToSyslog=yes, which implements the features you are looking for.
>
> Lennart





Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-18 Thread Lennart Poettering
On Wed, 17.08.16 13:02, Divya Thaluru (divya.thal...@gmail.com) wrote:

> Thanks Mantas!!! In my case, metadata "cmdline" had sensitive information
> which I do not intend to store. Is there any way to disable collecting
> metadata?

If your cmdline field contains sensitive information then you really
should work on that and not include the sensitive information
there. The cmdline field is generally exposed to users, and hence
unsafe for passwords and suchlike, regardless of whether you use the journal
or not.

Lennart

-- 
Lennart Poettering, Red Hat


Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-18 Thread Lennart Poettering
On Wed, 17.08.16 12:10, Divya Thaluru (divya.thal...@gmail.com) wrote:

> Hi,
> 
> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…"
> for each message. Is there any way we can encrypt metadata (command-line
> info) so sensitive information won't be stored?
> 
> If encryption of metadata is not possible, can we disable collecting the
> metadata?

The journal does not support encryption, and it does not disable
collecting metadata implicitly. You may however turn off all storage
by the journal by setting Storage=none in journald.conf. In that mode
you may optionally connect another syslog daemon to it via
ForwardToSyslog=yes, which implements the features you are looking for.

Lennart

-- 
Lennart Poettering, Red Hat
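The thread settles on one architecture: journald keeps attaching its implicit "_"-prefixed fields, you set Storage=none and ForwardToSyslog=yes so it acts only as a transport, and any dropping of fields happens in the logger that receives the data. The script below is an added example (not systemd code and not from anyone in the thread) of what that downstream step has to do. It parses the journal export format (the format `journalctl -o export` emits, including binary-encoded fields), applies rules written in the ExcludeMetaData= syntax Mikhail proposed, and re-serialises the result for forwarding. ExcludeMetaData= is not a real journald.conf option; here it is only this filter's rule syntax, and reading its keyword form as a substring match is my assumption. The sample entries and configuration are constructed.

```python
"""Downstream metadata filter for journal export data (added example).

journald will not filter fields at collection time; this shows the
filtering done in the receiving logger instead. Fields whose names start
with "_" are "trusted" fields added by journald itself; the logging
process cannot set them, which is why the thread calls them implicit.
ExcludeMetaData= is Mikhail's proposed syntax, not a journald option.
"""
import struct


def parse_export(data: bytes) -> list:
    """Parse journal export format into a list of entries (dicts).

    An entry is a run of fields terminated by an empty line.
    Text field:   KEY=VALUE\\n
    Binary field: KEY\\n <8-byte little-endian size> <size bytes> \\n
    (journalctl uses the binary form whenever a value contains a newline).
    """
    entries, cur = [], {}
    pos, end = 0, len(data)
    while pos < end:
        nl = data.find(b"\n", pos)
        if nl == -1:
            nl = end
        line = data[pos:nl]
        pos = nl + 1
        if not line:                      # empty line ends the entry
            if cur:
                entries.append(cur)
                cur = {}
            continue
        key, sep, value = line.partition(b"=")
        if not sep:                       # no '=': a binary field follows
            (size,) = struct.unpack("<Q", data[pos:pos + 8])
            pos += 8
            value = data[pos:pos + size]
            pos += size + 1               # skip the value and its trailing '\n'
        cur[key.decode()] = value.decode("utf-8", "replace")
    if cur:
        entries.append(cur)
    return entries


def to_export(entries) -> bytes:
    """Serialise entries back to export format so they can be forwarded."""
    out = bytearray()
    for entry in entries:
        for key, value in entry.items():
            raw = value.encode()
            if b"\n" in raw:              # must use the binary encoding
                out += key.encode() + b"\n" + struct.pack("<Q", len(raw)) + raw + b"\n"
            else:
                out += key.encode() + b"=" + raw + b"\n"
        out += b"\n"
    return bytes(out)


def parse_rules(config_lines) -> dict:
    """Read ExcludeMetaData= lines in the proposed syntax.

    ExcludeMetaData=_FIELD          -> always drop _FIELD (rule value None)
    ExcludeMetaData=_FIELD=kw1,kw2  -> drop _FIELD when its value contains
                                       any keyword (substring match: assumption)
    Other lines (Storage=, ForwardToSyslog=, section headers) are ignored.
    """
    rules = {}
    for line in config_lines:
        line = line.strip()
        if not line.startswith("ExcludeMetaData="):
            continue
        field, _, keywords = line[len("ExcludeMetaData="):].partition("=")
        rules[field] = [k for k in keywords.split(",") if k] if keywords else None
    return rules


def filter_entries(entries, rules) -> list:
    """Apply the rules and return new entries; the input is left untouched."""
    result = []
    for entry in entries:
        kept = {}
        for key, value in entry.items():
            if key in rules:
                keywords = rules[key]
                if keywords is None or any(k in value for k in keywords):
                    continue              # excluded by a rule
            kept[key] = value
        result.append(kept)
    return result


def filter_export(data: bytes, config_lines) -> bytes:
    """Export format in, filtered export format out."""
    return to_export(filter_entries(parse_export(data), parse_rules(config_lines)))


# Constructed sample input (not real journal output): three entries, the
# third carrying a binary-encoded MESSAGE because its value has newlines.
SAMPLE_EXPORT = (
    b"MESSAGE=backup started\n"
    b"_PID=4242\n"
    b"_UID=1000\n"
    b"_CMDLINE=/usr/bin/backup --password=hunter2 --target=/srv\n"
    b"_SYSTEMD_UNIT=backup.service\n"
    b"\n"
    b"MESSAGE=cron job finished\n"
    b"_UID=0\n"
    b"_CMDLINE=/usr/sbin/cron\n"
    b"\n"
    b"MESSAGE\n" + struct.pack("<Q", 5) + b"a\nb\nc\n"
    b"_UID=1000\n"
    b"\n"
)

# Constructed configuration. Storage= and ForwardToSyslog= are real
# journald.conf options (the setup recommended in the thread); the
# ExcludeMetaData= lines use the proposed syntax and drive only this filter.
SAMPLE_CONFIG = [
    "[Journal]",
    "Storage=none",
    "ForwardToSyslog=yes",
    "ExcludeMetaData=_CMDLINE=pass,password",
    "ExcludeMetaData=_UID",
]

if __name__ == "__main__":
    print(filter_export(SAMPLE_EXPORT, SAMPLE_CONFIG).decode("utf-8", "replace"))
```

On a real system the journald side of this is just the two real options the thread names, Storage=none and ForwardToSyslog=yes, in journald.conf (or a drop-in under journald.conf.d); the receiving syslog daemon is where a filter like the one above lives. Note that dropping _CMDLINE from the log does not address Lennart's other point: the command line is still readable by other users while the process runs, so the secret should not be on the command line in the first place.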


Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-17 Thread Mantas Mikulėnas
On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru wrote:

> Hi,
>
> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…"
> for each message. Is there any way we can encrypt metadata (command-line
> info) so sensitive information won't be stored?
>
> If encryption of metadata is not possible, can we disable collecting the
> metadata?
>

Store your logs in a LUKS volume. There's no built-in encryption in
journald.

And... quite frankly, I cannot imagine how service name or its UID would be
more sensitive than the messages themselves? It seems the opposite of every
single system I've seen. The *messages* often contain sensitive
information, whereas PIDs or service names are mostly generic info.

Just set up a LUKS container for /var/log.

-- 
Mantas Mikulėnas 


Re: [systemd-devel] how to encrypt journalctl metadata

2016-08-17 Thread Divya Thaluru
Thanks Mantas!!! In my case, metadata "cmdline" had sensitive information
which I do not intend to store. Is there any way to disable collecting
metadata?

Thanks,
Divya



On Wed, Aug 17, 2016 at 12:55 PM, Mantas Mikulėnas wrote:

> On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru wrote:
>
>> Hi,
>>
>> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP
>> etc…" for each message. Is there any way we can encrypt metadata
>> (command-line info) so sensitive information won't be stored?
>>
>> If encryption of metadata is not possible, can we disable collecting the
>> metadata?
>>
>
> Store your logs in a LUKS volume. There's no built-in encryption in
> journald.
>
> And... quite frankly, I cannot imagine how service name or its UID would
> be more sensitive than the messages themselves? It seems the opposite of
> every single system I've seen. The *messages* often contain sensitive
> information, whereas PIDs or service names are mostly generic info.
>
> Just set up a LUKS container for /var/log.
>
> --
> Mantas Mikulėnas 
>