[
https://issues.apache.org/jira/browse/MINIFICPP-1579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ferenc Gerlits updated MINIFICPP-1579:
--------------------------------------
Description:
It'd be useful to add the fingerprint of the configuration file(s) of the agent
and have this information as part of the heartbeat. This would be used to make
sure no one is changing the configuration files locally for agents deployed on
non trusted hosts.
Proposal: add a new top-level section to the heartbeat, both short and full,
like this:
{noformat}
},
"flowId": "908ae39a-c833-11eb-97a2-5c879c2c3c60"
},
+ "configFileInfo": {
+ "SHA256Sums": {
+ "minifi.properties":
"183d2a43c77e429f3448c99cd80c0700bf858436793f0443c980a8a190ab13c7",
+ "minifi-log.properties":
"e6d5346f50170a758092fe9dd7f84a59367cf32fa33ef43953ee21236db26be4",
+ "minifi-uid.properties":
"d7f563cff464f20494f907cfc829e36250c95e902231f3487d26f4c0dfdcda68",
+ "configure.yml":
"634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4"
+ }
+ },
"metrics": {
"RuntimeMetrics": {
"ProcessMetrics": {
{noformat}
was:
It'd be useful to add the fingerprint of the configuration file(s) of the agent
and have this information as part of the heartbeat. This would be used to make
sure no one is changing the configuration files locally for agents deployed on
non trusted hosts.
TBD: A strong enough algorithm should be used to make sure this can't be
spoofed (SHA256 or 512?). Or the value could be signed?
TBD: Do we need both the properties file and the config.yml file, or only the
properties file? (and does "properties file" mean all of minifi.properties,
minifi-log.properties, minifi-uid.properties, bootstrap.conf? – probably yes)
> Fingerprinting of the conf file in agent's heartbeat
> ----------------------------------------------------
>
> Key: MINIFICPP-1579
> URL: https://issues.apache.org/jira/browse/MINIFICPP-1579
> Project: Apache NiFi MiNiFi C++
> Issue Type: Task
> Reporter: Ferenc Gerlits
> Assignee: Ferenc Gerlits
> Priority: Major
> Fix For: 0.11.0
>
>
> It'd be useful to add the fingerprint of the configuration file(s) of the
> agent and have this information as part of the heartbeat. This would be used
> to make sure no one is changing the configuration files locally for agents
> deployed on non trusted hosts.
> Proposal: add a new top-level section to the heartbeat, both short and full,
> like this:
> {noformat}
> },
> "flowId": "908ae39a-c833-11eb-97a2-5c879c2c3c60"
> },
> + "configFileInfo": {
> + "SHA256Sums": {
> + "minifi.properties":
> "183d2a43c77e429f3448c99cd80c0700bf858436793f0443c980a8a190ab13c7",
> + "minifi-log.properties":
> "e6d5346f50170a758092fe9dd7f84a59367cf32fa33ef43953ee21236db26be4",
> + "minifi-uid.properties":
> "d7f563cff464f20494f907cfc829e36250c95e902231f3487d26f4c0dfdcda68",
> + "configure.yml":
> "634efcf2af76db967f4189c6318b77f03f7cae5bb1c3de1200a10014d0fc0ca4"
> + }
> + },
> "metrics": {
> "RuntimeMetrics": {
> "ProcessMetrics": {
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
