On 2014-04-08 21:43, Matthew Burgess wrote:
On 8 Apr 2014 09:29, "Tom" <t...@t0mb.net [1]> wrote:
>
> Hi,
>
> In light of the recently publicised vulnerability in OpenSSL
versions provided on RHEL6/CentOS6 http://heartbleed.com/ [2], do you
have any recommendations on a procedure to regenerate new master
certificates and then revoke, clean and re-sign all client SSL
certificates?
Whilst I cant offer any direct answer to your question, and agree
that
its a generally useful thing to have in the toolbox, Im slightly
inquisitive as to why you feel that action is necessary for this
vulnerability. Is your Puppet Master accessible publically via the
Internet and if so, why is that? If it isnt directly accessible via
the Internet who/what is it that you think could have exploited the
vulnerability?
When the organisation is big enough that physical security of the
internal network cannot be assured, then "internal-only access" is not
save either.
In my experience any VLAN that leaves a locked down rack cage - or any
rack cage with more than a single person having access (including
maintenance and facility management personnel) cannot rely on physical
security alone.
Regards, David
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/dcb54d36e54d6ff42d78603d0caace0d%40hosting.edv-bus.at.
For more options, visit https://groups.google.com/d/optout.