Operating a centralized log host has been established as a task in the most recent risk treatment plan. The security of the log host itself is covered by the existing security practices around running Graylog. To avoid additional complicated requirements for further encryption, we decided to run log hosts per location and avoid shipping log data over the internet.
Also, we receive log data from all hosts within a DC freely, so we expect those to be trustworthy "enough". However, we need to avoid shipping log data to the wrong hosts.
[X] Security requirements tested? (EVIDENCE)
Log hosts are properly identified and logged to based on the new "non-customer-selectable" role "loghost_location", and this has been tested manually on all platforms (Puppet/Gentoo, NixOS 15.09 and NixOS 19.03).
@flyingcircusio/release-managers
Release process
Impact:
Changelog:
Security implications