10. Security

10.1 Certificate location and replacement

All external connections are encrypted with TLS/SSL, this includes the API on port 8080, SSH and HTTP for user login.

To update the certificates for Apache 2, copy the new certificates to the following directory:

/etc/cert/

After you copied the new certificates, update the apache2 configuration. File location:

/etc/apache2/sites-enabled/

Check for the lines:

SSLCertificateKeyFile /etc/cert/rs.key
SSLCertificateFile /etc/cert/rs.crt

Replace the path with the uploaded certificate.

Reload configuration to apply:

service apache2 restart

10.2 RS4LOGJ-CVE-2021-44228

Apache Log4j vulnerability - CVE-2021-44228 instructions for Remote Syslog:

Remote Syslog uses the Elasticsearch module to save logging.

Effected products: RSL, RSE and RSX.

RSC is not effected.

10.2.1 Upgrade to recommended version

Check version:

curl -XGET 'http://localhost:9200'

Output:

"number" : "7.16.2"

or

"number" : "6.8.22"

Official document Elasticsearch:

https://www.elastic.co/blog/new-elasticsearch-and-logstash-releases-upgrade-apache-log4j2

All versions below: 7.16.2 or 6.8.22 are vulnerable. If the version is higher you are good to go and no action is needed.

Upgrade instuction to Elasticsearch 7.16.2 or 6.8.22:

1. In case of a vitual machine create a snapshot

2. Run the upgrade:

sudo apt update && sudo apt upgrade

!!Please check if the recommended version or higher is going to be installed!!

10.2.2 Mitigation without upgrade

Edit:

nano /etc/elasticsearch/jvm.options

Add:

-Dlog4j2.formatMsgNoLookups=true

Restart elasticsearch service:

service elasticsearch restart