
Posts Tagged ‘Security’

syslog-ng vs. systemd’s journald

April 30th, 2018 by

This blog is part of a series of technical blogs leading up to the release of openSUSE Leap 15. All of the blogs provide a use case regarding openSUSE Leap and the packages available in the distribution. Happy reading.

 

Authored by Peter Czanik

People often ask me what to use: systemd’s journald or syslog-ng? The quick answer is: most likely both, but it depends on how you use your computer(s). If you have a single standalone machine, journald is probably enough. There is even a nice desktop application to view the logs in the journal. But once you have multiple machines to manage, using syslog-ng has many advantages.

Even if you use syslog-ng, local system logs are collected by journald. It is an integral part of systemd and cannot be uninstalled. Luckily, syslog-ng can read log messages from the journal. If journald stores additional name-value pairs about an event, syslog-ng can read those as well.

So, why install syslog-ng? The short answer is: central logging.

Why is the central collection of logs such a big deal? One reason is ease of use, as central logging creates a single place to check logs instead of tens or thousands of devices. Another reason is availability – you can check a device’s log messages even if the device itself is unavailable for any reason. A third reason is security; when your device is hacked, checking the logs can uncover traces of the hack.

journald also has some central logging capabilities, but syslog-ng provides a lot more features and better performance:

  • journald was originally designed for local logs on desktops – where there are not that many logs. On the other hand, syslog-ng was designed for high-performance central log collection from the ground up.
  • syslog-ng can collect logs from many more sources, including pipes, sockets, and files. File sources are especially important, as many applications – like web servers – log to files and do that at a rate that journald cannot handle.
  • syslog-ng does more than simple log storage. It can process log messages in many ways: parse them to create name-value pairs for easier alerting and reporting, enrich them with geographical information (GeoIP), rewrite them for anonymization (see PCI-DSS or GDPR), or reformat them according to the requirements of the destination.
  • Filtering in syslog-ng makes very precise log routing possible, ensuring that all logs reach the right destination.
  • Speaking of destinations: there are many possibilities for storing log messages, not just flat files or other syslog servers, as was the case many years ago. For example, you can store logs in SQL databases, send logs to Splunk for further analysis using HTTP, store name-value pairs parsed from logs in MongoDB, or send an email alert using the SMTP destination.
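
A sketch of the setup described above, as an added example that is not from the original post: syslog-ng reads the journal (including journald's name-value pairs) and a file source, masks IPv4 addresses, forwards everything to a central server over TLS, and routes authentication messages to a separate local file. The version line, the host name logs.example.com, the port and all file paths are assumptions to adapt.

```conf
@version: 3.13   # assumption: set this to the installed syslog-ng version

# Local system logs come from journald; journald's extra fields are kept
# as name-value pairs under the given prefix.
source s_journal {
    systemd-journal(prefix(".SDATA.journald."));
};

# File source for an application that writes its own log file
# (path is an assumption).
source s_web {
    file("/var/log/apache2/access_log" flags(no-parse) program-override("apache"));
};

# Rewrite for anonymization: mask IPv4 addresses in the message text.
rewrite r_mask_ip {
    subst('\b[0-9]{1,3}(\.[0-9]{1,3}){3}\b', "x.x.x.x",
          value("MESSAGE"), type("pcre"), flags("global"));
};

# Filter used for precise routing of authentication messages.
filter f_auth { facility(auth, authpriv); };

# Central log server, reached over TLS with certificate verification
# (host, port and CA directory are assumptions).
destination d_central {
    network("logs.example.com" port(6514) transport("tls")
        tls(ca-dir("/etc/syslog-ng/ca.d") peer-verify(required-trusted)));
};

destination d_auth_local { file("/var/log/auth-copy.log"); };

# Everything goes to the central server with IP addresses masked.
log { source(s_journal); source(s_web); rewrite(r_mask_ip); destination(d_central); };

# Authentication messages are additionally kept locally, unmodified.
log { source(s_journal); filter(f_auth); destination(d_auth_local); };
```

The configuration can be checked with `syslog-ng --syntax-only` before the service is restarted.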


Refresh of Linux Distribution Continues Leveraging Community, Enterprise Benefits

July 26th, 2017 by


openSUSE Leap 42.3 Gives Smooth Desktop and Server Upgrade

The openSUSE Project released openSUSE Leap 42.3 today, bringing the community version into closer alignment with its shared core of SUSE Linux Enterprise (SLE) 12 Service Pack 3.

The mutual packages of both Leap and SLE distributions give seasoned Linux users, systems administrators, and developers even more reason to use the newest chameleon distribution.

Users are advised to take advantage of the seamless upgrade to Leap 42.3. Leap 42.2 reaches its end of maintenance in six months.

“By avoiding major version updates in the base system as well as the desktops, the upgrade to Leap 42.3 is a rather unadventurous matter,” said Ludwig Nussel, openSUSE Leap release manager.

The release of Leap 42.3 provides adopters a reliable server operating system for deploying IT services in physical, virtual or cloud environments.

Leap’s third edition of the 42 series has more than 10,000 packages and offers stability-minded users a refresh and hardware enablement release. The release is powered by the same Linux 4.4 Long-Term-Support (LTS) kernel found in the previous Leap edition.

Leap 42.3 continues to use KDE’s Long-Term-Support release 5.8 as the default desktop selection while also offering GNOME 3.20, the same as used by SUSE Linux Enterprise. A variety of additional desktops is available in the installer through the newly designed desktop selection.

“Leap 42.3 is the culmination of several years of effort integrating SUSE’s Enterprise codebase with the exceptional high-quality work of the openSUSE community,” said Richard Brown, Chairman of the openSUSE Project. “I’m exceptionally proud of what the openSUSE Project has achieved with Leap 42.3 and hope our users appreciate this stable, yet innovative, approach to community Linux, which can really be relied upon to work.”

This release of openSUSE Leap is well suited for servers thanks to its server installation profile and its fully-featured text mode installer, including all the options of YaST without a graphical environment.

System administrators are going to love the backup solution Borg, which is now easier to use than ever thanks to Borgmatic’s wrapper, which automatically backs up your data daily with a systemd service. Sysadmins will also like Samba’s System Security Services Daemon integration with an Active Directory.

Leap and the openSUSE project provide the DevOps tool chain developers need to be successful. Microservices with Leap offer scalability and continuous delivery through the availability of Docker and Kubernetes as well as easy configuration with Salt, Ansible, and other openSUSE technologies. AutoYaST’s new integration with SaltStack and other configuration management systems can take care of the system installation (partitioning, network setup, etc.) and then delegate the system configuration to one of those widely used external tools.

Developers and businesses can take advantage of extensive core libraries found in Leap 42.3 to build or enhance software for enterprise use. Since Leap and SLE share a common core, development with packages on Leap for use in production on SLE has never been easier. Furthermore, system integrators can develop on Leap with the possibility of getting their work into future SLE releases.

Leap provides the tools, languages and libraries for sustainable software development and engineering. Enterprise ready versions of Python, Ruby, Perl, Go, Rust, Haskell and PHP are all available in Leap.

Updates to the kernel and graphics stack enable more hardware and provide stability and performance improvements.

Announcing openSUSE’s GPG Key Server – keyserver.opensuse.org

December 6th, 2016 by

Does it happen to you, too, that there are moments where you ask yourself why others want something from you that has already been there for a while? Exactly this happened with https://keyserver.opensuse.org/: the original machine was set up a long time ago to make it easier for people attending the openSUSE GPG key-signing parties, but it looks like nobody officially announced this “new service” for our users…

…and so here we are: the openSUSE Heroes team is pleased to announce that keyserver.opensuse.org is up and running as a public GPG keyserver. We are of course also part of the official keyserver pool, which means that some people might have already noticed us, as they got redirected to our server with their requests. (And for those who are interested in setting up their own SKS keyserver: we have also written a nice monitoring plugin that helps you keep an eye on the pool status of your machine and those of your peers.)

The server may be accessed either via its Web interface (please ping the Heroes if you want to improve it) or via the OpenPGP HTTP keyserver protocol (HKP), which is normally used by GPG clients.
Try it out by calling something like:

gpg --keyserver keyserver.opensuse.org --search-keys 0xF62B7584

on the command line, or enhance your personal GPG configuration file ~/.gnupg/gpg.conf with:

keyserver hkp://keyserver.opensuse.org

and work as before with your new, preferred GPG keyserver as standard. What more can we say, except “have fun en-/de-crypting your data!”