Opened 6 months ago

Last modified 4 months ago

#32827 assigned defect

archive.tpo's rsync logs ip addresses (and it shouldn't)

Reported by: arma
Owned by: anarcat
Priority: Medium
Component: Internal Services/Services Admin Team
Severity: Normal

Description

archive.tpo runs an rsync service, which logs to /var/log/rsyncd/rsyncd-archive.log, which includes lines like

2019/12/20 15:33:05 [7497] connect from UNDETERMINED (128.112.16.131)
2019/12/20 15:33:06 [7497] rsync on dist-mirror/ from UNDETERMINED (128.112.16.131)

In our privacy-oriented web log format, we explicitly don't collect timestamps beyond 'which day', and we scrub IP addresses: #20928.

We should do something similar for our rsync log format.

Change History (5)

comment:1 Changed 5 months ago by anarcat

this probably affects other components, as I just reused existing code when i set that up. we also need to track that.

comment:2 Changed 5 months ago by anarcat

Owner: set to anarcat
Status: new → assigned

comment:3 Changed 5 months ago by anarcat

this probably affects other components, as I just reused existing code when i set that up. we also need to track that.

at first glance, that's the only server which has that problem.

i've censored the IP addresses from the rsync access log in a5726714, but we have another problem: rsync is started by systemd socket activation, which happily spills those IP addresses all over itself:

Jan 20 20:09:45 archive-01/archive-01 systemd[1]: Started rsync daemon archive (10.0.0.1:35380).
Jan 20 20:09:45 archive-01/archive-01 systemd[1]: rsyncd-archive@76504-159.69.63.226:873-10.0.0.1:35380.service: Succeeded.

In that context, 10.0.0.1 is my IP address, which I censored in this copy-paste.

so this is only partly fixed.

comment:4 Changed 5 months ago by anarcat

i've filed this as a security issue as per https://github.com/systemd/systemd/security/policy

after a timeout, i'll file it as a bug.

comment:5 Changed 4 months ago by anarcat

filed the bug against systemd after confirmation this wasn't considered a security issue by RedHat

https://github.com/systemd/systemd/issues/14629
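
An added example, not part of the ticket and not the change made in a5726714: a log filter that applies the policy from the description (day-only timestamps, no client addresses) to both the rsyncd lines and the systemd socket-activation lines quoted above. The function name `scrub_line`, the `keep` parameter and the placeholder values are assumptions of this sketch, and it goes beyond the ticket's samples by also covering IPv6 clients.

```python
import ipaddress
import re

# Leading timestamp in rsyncd's own log ("2019/12/20 15:33:05") or in syslog
# output ("Jan 20 20:09:45"); only the day part is kept.
_STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2}|[A-Z][a-z]{2} [ \d]\d) \d{2}:\d{2}:\d{2}")
# Dotted quad with an optional :port, not embedded in a longer dotted number.
_V4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(:\d{1,5})?(?!\d)(?!\.\d)")
# Colon-separated hex groups; candidates are validated before being replaced.
_V6 = re.compile(r"(?<![0-9A-Fa-f:.])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![0-9A-Fa-f:])")

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def scrub_line(line, keep=()):
    """Return line with the time of day zeroed and client addresses replaced.

    keep lists addresses that are not client data (the server's own) and are
    left in place; the placeholders 0.0.0.0:0 and :: are choices made here.
    """
    def v4(m):
        if m.group(1) in keep or not _is_ip(m.group(1)):
            return m.group(0)
        # The client's source port is dropped together with its address.
        return "0.0.0.0" + (":0" if m.group(2) else "")

    def v6(m):
        return m.group(0) if m.group(0) in keep or not _is_ip(m.group(0)) else "::"

    line = _STAMP.sub(lambda m: m.group(1) + " 00:00:00", line)
    return _V6.sub(v6, _V4.sub(v4, line))

# Constructed sample input: log lines quoted in the ticket, plus one made-up
# IPv6 client (2001:db8::/32 is the documentation prefix).
SAMPLE = [
    "2019/12/20 15:33:05 [7497] connect from UNDETERMINED (128.112.16.131)",
    "2019/12/20 15:33:06 [7497] rsync on dist-mirror/ from UNDETERMINED (2001:db8::1)",
    "Jan 20 20:09:45 archive-01/archive-01 systemd[1]: rsyncd-archive@76504-"
    "159.69.63.226:873-10.0.0.1:35380.service: Succeeded.",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(scrub_line(entry, keep={"159.69.63.226"}))
```

A filter like this only cleans what reaches the file it is applied to; the systemd lines are also written to the journal, which is why the unit-name leak was reported upstream.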
