subject:"\[graylog2\] Need some help disabling ciphers and algorithms"

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Ragnar

Ah great, I'll give that a try and report back, thanks a lot.

On Monday, June 27, 2016 at 5:16:25 PM UTC+3, Marius Sturm wrote:
>
> Ah ok, than you can use the advanced attributes in 
> /etc/graylog/graylog-settings.json and modify these values: 
> https://github.com/Graylog2/omnibus-graylog2/blob/2.0/files/graylog-cookbooks/graylog/attributes/default.rb#L47-L48
>
> On 27 June 2016 at 16:06, Ragnar  
> wrote:
>
>> Hi Marius,
>>
>> Just for the web interface, our security department flagged the system as 
>> being vulnerable to heartbleed/POODLE/FROWN etc. because SSLv2 and SSLv3 
>> are enabled (along with weak RC4 ciphers). 
>>
>> On Monday, June 27, 2016 at 3:59:56 PM UTC+3, Marius Sturm wrote:
>>>
>>> @Ragnar do you try to disable the cipher algorithms for the web 
>>> interface or for an log input? Because the web interface on the appliances 
>>> is TLS terminated by the Nginx that is also installed. The inputs are 
>>> served directly by Graylog's java process, that whould be a differnet 
>>> setting.
>>>
>>> On 27 June 2016 at 13:46, Jan Doberstein  wrote:
>>>
 Hej Ragnar,



 On 25. Juni 2016 at 14:13:32, Ragnar (invalid...@gmail.com) wrote:
 > Steps Tried:
 > 1. Created a security.properties file using the exact example
 > (un-commenting out the relevant lines) and put it in the
 > /opt/graylog/server directory
 > 2. Ran the command java
 > -Djava.security.properties=/opt/graylog/server/security.properties 
 -jar
 > /opt/graylog/server/graylog.jar server
 >
 > Received an error staying that etc/graylog/server/server.conf didn't 
 exist
 > so I created it
 >
 > 3. Ran the command java
 > -Djava.security.properties=/opt/graylog/server/security.properties 
 -jar
 > /opt/graylog/server/graylog.jar server again and now I get the error:

 > Any ideas?

 you need to add as additional startup parameter to graylog!

 as you use graylog OVA image i had created this issue:
 https://github.com/Graylog2/omnibus-graylog2/issues/31

 because this is not save possible.

 /jd

 --
 You received this message because you are subscribed to the Google 
 Groups "Graylog Users" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to graylog2+u...@googlegroups.com.
 To view this discussion on the web visit 
 https://groups.google.com/d/msgid/graylog2/CAGm-bLb4v0JHLz5acB2A6s6dYqH31fNUU_Y3OM8PVijFYhCD3w%40mail.gmail.com
 .
 For more options, visit https://groups.google.com/d/optout.

>>>
>>>
>>>
>>> -- 
>>> Developer
>>>
>>> Tel.: +49 (0)40 609 452 077
>>> Fax.: +49 (0)40 609 452 078
>>>
>>> TORCH GmbH - A Graylog Company
>>> Poolstraße 21
>>> 20335 Hamburg
>>> Germany
>>>
>>> https://www.graylog.com 
>>>
>>> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
>>> Geschäftsführer: Lennart Koopmann (CEO)
>>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+u...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/2bf726e3-095e-4a13-a5a6-da07c70783c9%40googlegroups.com
>>  
>> 
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/d785f608-61be-4768-843e-f67c112b8c3a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Ragnar

Hi Marius,

Just for the web interface, our security department flagged the system as 
being vulnerable to heartbleed/POODLE/FROWN etc. because SSLv2 and SSLv3 
are enabled (along with weak RC4 ciphers). 

On Monday, June 27, 2016 at 3:59:56 PM UTC+3, Marius Sturm wrote:
>
> @Ragnar do you try to disable the cipher algorithms for the web interface 
> or for an log input? Because the web interface on the appliances is TLS 
> terminated by the Nginx that is also installed. The inputs are served 
> directly by Graylog's java process, that whould be a differnet setting.
>
> On 27 June 2016 at 13:46, Jan Doberstein  
> wrote:
>
>> Hej Ragnar,
>>
>>
>>
>> On 25. Juni 2016 at 14:13:32, Ragnar (invalid...@gmail.com ) 
>> wrote:
>> > Steps Tried:
>> > 1. Created a security.properties file using the exact example
>> > (un-commenting out the relevant lines) and put it in the
>> > /opt/graylog/server directory
>> > 2. Ran the command java
>> > -Djava.security.properties=/opt/graylog/server/security.properties -jar
>> > /opt/graylog/server/graylog.jar server
>> >
>> > Received an error staying that etc/graylog/server/server.conf didn't 
>> exist
>> > so I created it
>> >
>> > 3. Ran the command java
>> > -Djava.security.properties=/opt/graylog/server/security.properties -jar
>> > /opt/graylog/server/graylog.jar server again and now I get the error:
>>
>> > Any ideas?
>>
>> you need to add as additional startup parameter to graylog!
>>
>> as you use graylog OVA image i had created this issue:
>> https://github.com/Graylog2/omnibus-graylog2/issues/31
>>
>> because this is not save possible.
>>
>> /jd
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Graylog Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to graylog2+u...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/graylog2/CAGm-bLb4v0JHLz5acB2A6s6dYqH31fNUU_Y3OM8PVijFYhCD3w%40mail.gmail.com
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> -- 
> Developer
>
> Tel.: +49 (0)40 609 452 077
> Fax.: +49 (0)40 609 452 078
>
> TORCH GmbH - A Graylog Company
> Poolstraße 21
> 20335 Hamburg
> Germany
>
> https://www.graylog.com 
>
> Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
> Geschäftsführer: Lennart Koopmann (CEO)
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/2bf726e3-095e-4a13-a5a6-da07c70783c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Ragnar

Hey Jan,

Thanks for your reply, so if I understand correctly this is only possible 
(currently) for non-OVA implementations, is that correct?


On Monday, June 27, 2016 at 2:46:29 PM UTC+3, Jan Doberstein wrote:
>
> Hej Ragnar, 
>
>
>
> On 25. Juni 2016 at 14:13:32, Ragnar (invalid...@gmail.com ) 
> wrote: 
> > Steps Tried: 
> > 1. Created a security.properties file using the exact example 
> > (un-commenting out the relevant lines) and put it in the 
> > /opt/graylog/server directory 
> > 2. Ran the command java 
> > -Djava.security.properties=/opt/graylog/server/security.properties -jar 
> > /opt/graylog/server/graylog.jar server 
> > 
> > Received an error staying that etc/graylog/server/server.conf didn't 
> exist 
> > so I created it 
> > 
> > 3. Ran the command java 
> > -Djava.security.properties=/opt/graylog/server/security.properties -jar 
> > /opt/graylog/server/graylog.jar server again and now I get the error: 
>
> > Any ideas? 
>
> you need to add as additional startup parameter to graylog! 
>
> as you use graylog OVA image i had created this issue: 
> https://github.com/Graylog2/omnibus-graylog2/issues/31 
>
> because this is not save possible. 
>
> /jd 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/8cb40ba9-b403-49a2-971f-a04fe5752e68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Marius Sturm

@Ragnar do you try to disable the cipher algorithms for the web interface
or for an log input? Because the web interface on the appliances is TLS
terminated by the Nginx that is also installed. The inputs are served
directly by Graylog's java process, that whould be a differnet setting.

On 27 June 2016 at 13:46, Jan Doberstein  wrote:

> Hej Ragnar,
>
>
>
> On 25. Juni 2016 at 14:13:32, Ragnar (invalid.nore...@gmail.com) wrote:
> > Steps Tried:
> > 1. Created a security.properties file using the exact example
> > (un-commenting out the relevant lines) and put it in the
> > /opt/graylog/server directory
> > 2. Ran the command java
> > -Djava.security.properties=/opt/graylog/server/security.properties -jar
> > /opt/graylog/server/graylog.jar server
> >
> > Received an error staying that etc/graylog/server/server.conf didn't
> exist
> > so I created it
> >
> > 3. Ran the command java
> > -Djava.security.properties=/opt/graylog/server/security.properties -jar
> > /opt/graylog/server/graylog.jar server again and now I get the error:
>
> > Any ideas?
>
> you need to add as additional startup parameter to graylog!
>
> as you use graylog OVA image i had created this issue:
> https://github.com/Graylog2/omnibus-graylog2/issues/31
>
> because this is not save possible.
>
> /jd
>
> --
> You received this message because you are subscribed to the Google Groups
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to graylog2+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/graylog2/CAGm-bLb4v0JHLz5acB2A6s6dYqH31fNUU_Y3OM8PVijFYhCD3w%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Developer

Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog Company
Poolstraße 21
20335 Hamburg
Germany

https://www.graylog.com 

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Geschäftsführer: Lennart Koopmann (CEO)

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAMqbBb%2BKxoAYzGJB-mXdM0jkG%3Dn2aopiRq1ESeD5VrT__eqd1A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Need some help disabling ciphers and algorithms

2016-06-27 Thread Jan Doberstein

Hej Ragnar,



On 25. Juni 2016 at 14:13:32, Ragnar (invalid.nore...@gmail.com) wrote:
> Steps Tried:
> 1. Created a security.properties file using the exact example
> (un-commenting out the relevant lines) and put it in the
> /opt/graylog/server directory
> 2. Ran the command java
> -Djava.security.properties=/opt/graylog/server/security.properties -jar
> /opt/graylog/server/graylog.jar server
>
> Received an error staying that etc/graylog/server/server.conf didn't exist
> so I created it
>
> 3. Ran the command java
> -Djava.security.properties=/opt/graylog/server/security.properties -jar
> /opt/graylog/server/graylog.jar server again and now I get the error:

> Any ideas?

you need to add as additional startup parameter to graylog!

as you use graylog OVA image i had created this issue:
https://github.com/Graylog2/omnibus-graylog2/issues/31

because this is not save possible.

/jd

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/CAGm-bLb4v0JHLz5acB2A6s6dYqH31fNUU_Y3OM8PVijFYhCD3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[graylog2] Need some help disabling ciphers and algorithms

2016-06-25 Thread Ragnar

Using graylog-2.0.3-1.ova in VMware ESXi 5.5 U2

Complete newbie, loving what I see so far. Having some issues disabling
SSLv2, SSLv3 etc. and hoping someone have managed to get this working.

Documentation:
1.Followed the section here:
http://docs.graylog.org/en/2.0/pages/configuration/https.html#certificate-key-file-format

for Disabling specific TLS ciphers and algorithms
2. Using the example config file here:
https://github.com/Graylog2/graylog2-server/blob/2.0/misc/security.properties

Steps Tried:
1. Created a security.properties file using the exact example
(un-commenting out the relevant lines) and put it in the
/opt/graylog/server directory
2. Ran the command java
-Djava.security.properties=/opt/graylog/server/security.properties -jar
/opt/graylog/server/graylog.jar server

Received an error staying that etc/graylog/server/server.conf didn't exist
so I created it

3. Ran the command java
-Djava.security.properties=/opt/graylog/server/security.properties -jar
/opt/graylog/server/graylog.jar server again and now I get the error:

2016-06-25 15:12:31,217 WARN : org.graylog2.shared.plugins.PluginLoader -
Plugin directory /opt/graylog/embedded/jre/jre/bin/plugin does not exist,
not loading plugins.
2016-06-25 15:12:31,221 ERROR: org.graylog2.bootstrap.CmdLineTool - Invalid
configuration
com.github.joschi.jadconfig.ParameterException: Required parameter
"password_secret" not found.
at
com.github.joschi.jadconfig.JadConfig.processClassFields(JadConfig.java:127)
~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:99)
~[graylog.jar:?]
at
org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351)
[graylog.jar:?]
at
org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344)
[graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:177)
[graylog.jar:?]
at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]

Any ideas?

--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/b9367c0e-201b-4ffa-b483-fb25756c6241%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [graylog2] Need some help disabling ciphers and algorithms

Re: [graylog2] Need some help disabling ciphers and algorithms

Re: [graylog2] Need some help disabling ciphers and algorithms

Re: [graylog2] Need some help disabling ciphers and algorithms

Re: [graylog2] Need some help disabling ciphers and algorithms

[graylog2] Need some help disabling ciphers and algorithms

6 matches

Site Navigation

Mail list logo

Footer information