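<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title> Logscape 2.0 </title>
<script src="js/kiss.js"></script>
<link href="css/bootstrap.min.css" rel="stylesheet"/>
<link href="css/style.css" rel="stylesheet"/>
<link href="css/font-awesome-4.0.3/css/font-awesome.min.css" rel="stylesheet"/>
<link href="css/style-app.css" rel="stylesheet"/>
<link href="css/app.css" rel="stylesheet"/>
<!-- Third-party CDN assets run with full access to this page. They are requested over
     https explicitly; a protocol-relative URL would fall back to plain http whenever the
     page itself is served over http. NOTE(review): add integrity and crossorigin attributes
     once a hash has been computed from a verified copy of each file. -->
<link href="https://vjs.zencdn.net/4.9/video-js.css" rel="stylesheet"/>
<script src="https://vjs.zencdn.net/4.9/video.js"></script>
<!-- NOTE(review): jQuery 1.11.0 belongs to a release line that is no longer maintained. The
     scripts on this page use $(window).load and .bind, which need replacing before an upgrade. -->
<script src="js/jquery-1.11.0.js"></script>
<script src="js/bootstrap.min.js"></script>
<script>
// Maps one hyphen-separated part of a page file name to the label shown for it in the
// breadcrumb trail. Parts that have no entry here are shown with their first letter
// capitalised by the breadcrumb renderer that follows.
var breadcrumbs = {
  "gettingstarted": "Getting Started",
  "searching": "Search",
  "kv": "Data Discovery",
  "offsets": "Using Offsets",
  "geoip": "Geo IP",
  "pattern": "Using Search Patterns",
  "video": "tutorials",
  "overlays": "Overlaying Searches",
  "starthere": "",
  "ds": "Data Sources",
  "add": " Add a New Data Source",
  "multitags": " Using Multi-Tags",
  "syslog": " Connect Syslog Clients",
  "tags": " Sources and Tags",
  "intelligent_field_discovery": " Intelligent Field Discovery",
  "types": "Data Types",
  "system_fields": "System Fields",
  "deploy": "Deployment",
  "app": " Logscape Apps",
  "agents": "Agents ",
  "architectures_default": " Default Deployment",
  "architectures_failover": "Failover",
  "architectures_indexstores": " Index Stores",
  "architectures_tenured": "Tenured Data",
  "architectures_zones": " Zones",
  "Backup": "Backup",
  "home": " The Home WorkspacE",
  "import": " Restoring from Backup",
  "partial": " Selective Import",
  "arch_zoning": "Distributed Topology",
  "arch_clm": "Centralized Monitoring Topology",
  "arch_indexstores": "Multiple Index Store Topology",
  "rawtcpserver": "Tcp Server",
  "syslogserer": "Syslog Server",
  "centralconfigs": "Centralized Configuration",
  "boot_properties": "Boot Properties",
  "users": "Users",
  "datagroups": "Data Groups",
  "nested": "Nested Groups",
  "ldap": "Active Directory"
};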
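// Render the breadcrumb trail into #widget-bc once the page has loaded.
// A page name such as "deploy-security" is read as a path: every hyphen-separated prefix
// ("deploy", "deploy-security") becomes one crumb that links to <prefix>.html.
$(window).load(function(){
  // Site-relative link for the first idx+1 parts of the page name; idx < 0 is the site root.
  function genLink(arr, idx){
    if (idx < 0) { return "/"; }
    return "/" + arr.slice(0, idx + 1).join("-") + ".html";
  }

  // One crumb. The href is set as an attribute value and the label as a text node, so
  // neither is ever parsed as markup.
  function makeCrumb(href, label){
    var a = document.createElement("a");
    a.setAttribute("href", href);
    a.appendChild(document.createTextNode(label));
    return a;
  }

  // Build the crumbs for `page` (the file name without its extension). Returns an empty
  // fragment for top-level pages, i.e. names without a hyphen.
  function renderCrumbs(page){
    var trail = document.createDocumentFragment();
    if (page.indexOf("-") < 0) { return trail; }
    var parts = page.split("-");
    trail.appendChild(makeCrumb(genLink(parts, -1), " / Home "));
    for (var idx = 0; idx < parts.length; idx++) {
      var k = parts[idx];
      // charAt() rather than k[0]: an empty part (a name like "a--b") must not throw.
      var label = breadcrumbs.hasOwnProperty(k)
        ? breadcrumbs[k]
        : k.charAt(0).toUpperCase() + k.substring(1);
      trail.appendChild(makeCrumb(genLink(parts, idx), " / " + label));
    }
    return trail;
  }

  // The page name is taken from the URL, which is chosen by whoever wrote the link the
  // visitor followed. Read it from pathname so the query string and the fragment are never
  // part of it, and insert the result as DOM nodes instead of passing a string to .html().
  var elems = window.location.pathname.split('/');
  var currentPage = elems[elems.length - 1].split('.')[0];
  $('#widget-bc').empty().append(renderCrumbs(currentPage));
});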
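</script><script>
// Receives the feed object in the blog-list callback; it is not read anywhere in this file.
var blogFeed;

// Fetch a feed through Google's Feed API (a JSONP request) and hand the parsed feed to
// callback(feed).
// A JSONP response is executed as script in this page, so the request always goes over
// https instead of inheriting the scheme the page was loaded with.
// NOTE(review): Google has retired the Feed API; confirm whether this request still
// succeeds and, if not, serve the article list from this site instead.
function parseRSS(url, callback) {
  $.ajax({
    url: 'https://ajax.googleapis.com/ajax/services/feed/load?v=1.0&num=10&callback=?&q=' + encodeURIComponent(url),
    dataType: 'json',
    success: function(data) {
      // responseData may be missing or null when the service reports an error; skip the
      // callback in that case rather than throw inside the response handler.
      if (data && data.responseData && data.responseData.feed) {
        callback(data.responseData.feed);
      }
    }});
}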
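// Fill the "Articles" list in the sidebar with the entries of the Logscape blog feed.
$(window).load(function() {
  parseRSS("http://blog.logscape.com/feed", function(feed){
    blogFeed = feed;
    var list = $(".resource-list ul");
    var entries = feed.entries || [];
    for (var i = 0; i < entries.length; i++) {
      var title = entries[i].title;
      var link = entries[i].link;
      // Feed content is external data: never concatenate it into an HTML string.
      // The title is inserted as text (HTML entities in a title are therefore shown
      // literally) and the link is used only when it is an http(s) URL.
      var item = $("<li>");
      if (/^https?:\/\//i.test(link)) {
        item.append($("<a>").attr("href", link).text(title));
      } else {
        item.text(title);
      }
      list.append(item);
    }
  });
});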
</script><script>
// Reset the first form on the page every time the page is shown, including when it is
// restored from the back/forward cache, so the search form returns to its initial state.
$(window).bind("pageshow", function () {
  var firstForm = $("form").get(0);
  firstForm.reset();
});
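</script><script>
// Send the contents of the search box to Google as a query restricted to
// site:logscape.github.io.
function submit_form(){
  // encodeURIComponent keeps the visitor's text inside the q value of the query string
  // and of the fragment.
  var q = encodeURIComponent($("#searchBox").val());
  var query = "https://www.google.com/?gws_rd=cr&q=site:logscape.github.io++" + q + "#q=site:logscape.github.io++" + q;
  var here = window.location.href;
  console.log("back:" + here);
  // Push a second history entry for this page, then replace that entry with the search
  // results, so the Back button returns to this page.
  history.pushState({}, "", here);
  window.location.replace(query);
}
</script>
</head>
<body>
<div style="width:100%;height:85px;background-color:#333;">
  <div style="padding-left:100px;padding-top:25px">
    <img src="images/logscape-apps-logo.png" style="height:45px" alt="Logscape"/>
    <div style="float:right" class="col-md-3">
      <!-- "return false" cancels the browser's own submission to action="", which would
           otherwise race the redirect started by submit_form(). -->
      <form id="cse-search-box" action="" style="position:right;padding-top:5px;padding-bottom:5px" onsubmit="submit_form(); return false;"><input type="hidden" name="cx" value="partner-pub-2789521296837340:9402765321"/><input type="hidden" name="ie" value="UTF-8"/><input id="searchBox" type="text" name="q" size="31" style="margin-left:15px" aria-label="Search the documentation"/><input id="cseSubmit" type="submit" value=" " class="btn-search" aria-label="Search"/></form>
    </div>
  </div>
</div>
<div style="width:100%;height:40px;background-color:#EEE;box-shadow: 0 0 2px #999;">
  <div style="padding-left:140px;padding-top:10px;font-size:14px"><a href="http://apps.logscape.com">Apps | </a><a href="http://logscape.activeboard.com/">Forums | </a><a href="gettingstarted.html">Getting Started </a><img style="height:0;width:0" src="http://logscape.com/images/track.png?version=support" alt=""/></div>
</div>
<div class="container-fluid"><!-- page layout: breadcrumb row, then sidebar and article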
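--><div class="row"><div class="col-md-1"></div><div class="col-md-2"></div><div class="col-md-5"><div id="widget-bc" class="breadcrumbs style"> </div></div></div>
<div class="row">
  <div style="width:100px" class="col-md-1"><p></p></div>
  <div class="col-md-2 nav-padding">
    <ul class="nav nav-tabs nav-stacked">
      <li><a href="searching.html">Search</a></li>
      <li><a href="workspaces.html">WorkSpaces</a></li>
      <li><a href="ds.html">Data Sources</a></li>
      <li><a href="types.html">Data Types </a></li>
      <li><a href="deploy.html">Deployment</a></li>
      <li><a href="users.html">Users </a></li>
      <li><a href="alerts.html">Alerts </a></li>
      <li><a href="technology.html">Technology</a></li>
      <!-- The widgets.js loader that followed this link began with a stray "=" and so never
           parsed. It is left out; the link keeps working as an ordinary link and no
           third-party script is loaded for it. -->
      <li><a href="https://twitter.com/logscape" data-show-count="false" data-size="large" class="twitter-follow-button">Follow @logscape</a></li>
    </ul>
    <div style="padding-left:50px"><h4>Articles </h4></div>
    <hr/>
    <div class="resource-list"><ul style="list-style:none;padding-left:10px;background-color:#FFFEE7"></ul></div>
  </div>
  <div class="col-md-9 content-area">
    <div class="container-fluid">
      <div class="row">
        <div class="col-md-11">
          <h3>Securing Endpoints</h3>
          <p>The Agents and the Manager can be secured by enabling the endpoint security feature on each agent. This feature is disabled by default. To enable it, edit boot.properties and add the following system property:</p>
          <blockquote>-Dendpoint.security.enabled=true</blockquote>
          <p>This property needs to be in the Manager's boot.properties and in the boot.properties of any Forwarder or IndexStore that wants to participate in the Logscape deployment.</p>

          <a id="hostfilter" name="hostfilter"></a>
          <h3>Host Based Authorization</h3>
          <h4>Host Filter</h4>
          <p>An explicit list of hosts that are allowed to join the deployment can be configured. The following system property</p>
          <blockquote>-Dhosts.filter=$IPADDRESS-PATTERN</blockquote>
          <p>is set to a regular expression that matches a valid set of Agents. If hosts.filter cannot match all the agents in an environment, a hosts file can be used instead.</p>

          <h4>Hosts File</h4>
          <p>The hosts file contains a list of address patterns. Each pattern should be on a new line. The file is located at</p>
          <blockquote>$LOGSCAPE_HOME/hosts</blockquote>
          <!-- NOTE(review): confirm the pattern syntax used by hosts.filter and by the hosts
               file. Read as a regular expression, [160-170] is a character class, not the
               numeric range 160 to 170, and an unescaped dot matches any character, so a
               pattern can admit more hosts than intended. -->
          <p>An example of patterns used to match a range of hosts:</p>
<pre>10.28.1.[160-170]
10.28.1.[130-140]
10.28.3.15.*</pre>

          <h3>Authority Tokens</h3>
          <a id="authtokens" name="authtokens"></a>
          <p>The authority tokens are used to mutually authenticate the Manager with an Agent and vice versa. When endpoint security is enabled this happens by default, using a default token. While the default token is in use, Agents that do not belong to your deployment could potentially join the environment, so set your own values. The following properties override the default authentication tokens.</p>
          <blockquote>-Dclient.auth.token=$CLIENT_SECRET</blockquote>
          <blockquote>-Dserver.auth.token=$SERVER_SECRET</blockquote>
          <p>Both of these properties need to be in the boot.properties for the security handshake to be successful. The Auth Tokens are encrypted and then exchanged using the public keys on the Agent.</p>
          <p>boot.properties then holds these tokens, and the keystore password described below, in plain text. Restrict read access to the file to the account that runs Logscape.</p>

          <h3>Public and Private Key Locations</h3>
          <a id="keys" name="keys"></a>
          <p>To set up public key encryption in Logscape perform the following steps.</p>
          <ul>
            <li>Generate your private and public keys. You can use the Java keytool, or openssl to work with keys kept outside the Java keystore (JKS).</li>
            <li>Decide whether to store the keys in files (e.g. public.key and private.pem) or in the JKS.</li>
            <!-- NOTE(review): this step is introduced as distributing the public keys but also
                 copies private.pem to every Forwarder and IndexStore. Confirm whether one key
                 pair is meant to be shared by all hosts or each host should hold its own. -->
            <li>Distribute the public keys to the IndexStores and Forwarders. On the Forwarders and IndexStores copy the public.key and the private.pem into the ssl folder, or use the keytool to add them to the JKS.</li>
          </ul>
          <strong>Overriding System Defaults </strong>
          <p>The keys, locations and key aliases that Logscape uses for encryption and authentication can be overridden in the boot.properties. The keys can be stored in the Java Keystore or externally.</p>
          <table class="table">
            <tr>
              <td><h5>Key Store Location</h5></td>
              <td>The default location of the keystore is
                <blockquote>$LOGSCAPE_HOME/ssl/.keystore</blockquote>
                To override the keystore location use the following system property
                <blockquote>-Dcert.keystore.file=ssl/.keystore</blockquote></td>
            </tr>
            <tr>
              <td><h5>Key Store Password</h5></td>
              <td>The default keystore password can be overridden using a system property
                <blockquote>-Dcert.keystore.pass=mynewpassphrase</blockquote></td>
            </tr>
            <tr>
              <td><h5>Key Alias</h5></td>
              <td>The default keystore alias is '1'. If you use a different alias in your keystore, update the following system property to override the default
                <blockquote>-Dcert.keystore.alias=certalias</blockquote></td>
            </tr>
            <tr>
              <td><h5>Private Key</h5></td>
              <td>The default file for the private key is
                <blockquote>ssl/private.pem</blockquote>
                The location of the private key can be configured in the boot.properties
                <blockquote>-Dprivate.cert=$PATH_TO/myprivatekey.pem</blockquote>
                Restrict read access to the private key file to the account that runs Logscape.</td>
            </tr>
            <tr>
              <!-- This row was headed "Private Key" a second time; its text describes the public key. -->
              <td><h5>Public Key</h5></td>
              <td>The default file for the public key is
                <blockquote>ssl/public.key</blockquote>
                The location of the public key can be configured in the boot.properties
                <blockquote>-Dpublic.cert=$PATH_TO/mypublickey.key</blockquote></td>
            </tr>
          </table>
        </div>
        <!-- A diagram of the key properties and their files (images/deploy-security-keys.png)
             is commented out in the page template. -->
      </div>
    </div>
  </div>
</div>
</div>
<script>
// Route both ways of starting a search (clicking the button, pressing Enter in the box)
// through submit_form() and suppress the browser's own form submission.
$( document ).ready(function() {
  $("#cseSubmit").on("click",function(e){
    e.preventDefault();
    submit_form();
  });
  $("#searchBox").on("keypress",function(e){
    // keyCode 13 is the Enter key.
    if (e.keyCode == 13) {
      e.preventDefault();
      submit_form()
    }
  });
});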
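</script><script>
// Third-party visitor tracking (SeeYourVisitors): defines a gg() stub that queues calls,
// then loads the vendor script asynchronously.
// The vendor script runs with full access to this page, so it is requested over https
// explicitly; a protocol-relative URL would be fetched over plain http whenever the page
// itself is served over http.
// NOTE(review): confirm this tracker is still wanted; the file it loads can change at any
// time, so it cannot be pinned with an integrity hash.
(function(g,i,a,n,t,s){g['SeeYourVisitors']=n;g[n]=g[n]||function(){
(g[n].q=g[n].q||[]).push(arguments)},g[n].l=1*new Date();t=i.createElement(a),
s=i.getElementsByTagName(a)[0];t.async=1;t.src='https://seeyourvisitors2.appspot.com/gg.js';
s.parentNode.insertBefore(t,s)})(window,document,'script','gg');
gg('create', 'd1a8b082-8806-4793-936f-35f5e41b3592');
gg('track');</script><script src="js/ga.js"></script></body></html>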