Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On Sun, 2023-03-26 at 10:42 +, S Sathish S via Users wrote: > Hi Jan, > > In Corosync which all scenario it send cpg message and what is impact > if we are not secure communication. Pacemaker uses CPG extensively to communicate between nodes. Sensitive information such as the entire CIB is passed via CPG. > Any outsider attacker can manipulate the system using unencrypted > communication. An outsider who can intercept network traffic between cluster nodes could view data such as the CIB when encryption is not used. If the outsider can also sit as a "man-in-the-middle," manipulating the network traffic, then it could also easily gain access to cluster nodes. > Corosync used for heartbeat communication in that we don’t have any > sensitive data really need to secure ? if not then any other > sensitive data transferred via corosync communication. Corosync's cluster membership protocol handles the heartbeat; CPG is a cluster messaging protocol, allowing cluster nodes to send data to each other, so it depends on what uses CPG. In this case, Pacemaker uses CPG for sensitive data. > > Thanks and Regards, > S Sathish S -- Ken Gaillot ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On 26/03/2023 12:42, S Sathish S wrote: Hi Jan, Hi, In Corosync which all scenario it send cpg message and what is impact if we are not secure communication. It really depends of what services are used, but generally speaking corosync without cpg is not super useful so I guess cpg is probably used... 1. Any outsider attacker can manipulate the system using unencrypted communication. yes 2. Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure ? if not then any other sensitive data transferred via corosync communication. Not sure I understand question - but in general modifying corosync messages can lead to huge problems. If attacker can really change messages it's super easy to change membership, make it unstable, ... it's not really just about changing content of cpg data. What is the point to turn off encryption? Regards, Honza Thanks and Regards, S Sathish S ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi Jan, In Corosync which all scenario it send cpg message and what is impact if we are not secure communication. 1. Any outsider attacker can manipulate the system using unencrypted communication. 2. Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure ? if not then any other sensitive data transferred via corosync communication. Thanks and Regards, S Sathish S ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On 23/01/2023 10:38, S Sathish S wrote: Hi Jan/Team, Yes , In syslog we noticed "crypto: none" during startup of corosync service. Ok, so then communication is unencrypted. In Corosync communication which protocols/ports transfer sensitive data which need to be secured ? Corosync implements its own protocol and for udpu it is using port 5405 by default. Or It will have only binary protocol like 5405 port for all corosync communication? Yes Basically if you dump UDP traffic port 5405 you should see messages sent via cpg. For example I've tried: tcpdump -i eth1 -nN -nn udp and send "This is nice test" using testcpg (which is using CPG group called GROUP) and entry "16:12:22.534234 IP 192.168.63.35.52319 > 192.168.63.36.5405: UDP, length 321 E..]D?@.@.?#..?$._...I.".."..?#..)...(...?#o.aGROUPU..This is nice test" was logged. Regards, Honza Thanks and Regards, S Sathish S -Original Message- From: Jan Friesse Sent: 23 January 2023 14:50 To: Cluster Labs - All topics related to open-source clustering welcomed Cc: S Sathish S Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default Hi, On 23/01/2023 01:37, S Sathish S via Users wrote: Hi Team, corosync 2.4.4 version provide mechanism to secure the communication path between nodes of a cluster by default? bcoz in our configuration secauth is turned off but still communication occur is encrypted. Note : Capture tcpdump for port 5405 and I can see that the data is already garbled and not in the clear. It's binary protocol so don't expect some really readable format (like xml/json/...). But with your config it should be unencrypted. You can check message "notice [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none" during start of corosync. Regards, Honza [root@node1 ~]# cat /etc/corosync/corosync.conf totem { version: 2 cluster_name: OCC secauth: off transport: udpu } nodelist { node { ring0_addr: node1 nodeid: 1 } node { ring0_addr: node2 nodeid: 2 } node { ring0_addr: node3 nodeid: 3 } } quorum { provider: corosync_votequorum } logging { to_logfile: yes logfile: /var/log/cluster/corosync.log to_syslog: no timestamp: on } Thanks and Regards, S Sathish S ___ Manage your subscription: https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 731-d41b18997a64a81a=1=d75dcac1-7d11-41aa-b596-47366bde2862= https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers ClusterLabs home: https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 731-b3537e65a3f1def4=1=d75dcac1-7d11-41aa-b596-47366bde2862= https%3A%2F%2Fwww.clusterlabs.org%2F ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi Jan/Team, Yes , In syslog we noticed "crypto: none" during startup of corosync service. In Corosync communication which protocols/ports transfer sensitive data which need to be secured ? Or It will have only binary protocol like 5405 port for all corosync communication? Thanks and Regards, S Sathish S -Original Message- From: Jan Friesse Sent: 23 January 2023 14:50 To: Cluster Labs - All topics related to open-source clustering welcomed Cc: S Sathish S Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default Hi, On 23/01/2023 01:37, S Sathish S via Users wrote: > Hi Team, > > corosync 2.4.4 version provide mechanism to secure the communication path > between nodes of a cluster by default? bcoz in our configuration secauth is > turned off but still communication occur is encrypted. > > Note : Capture tcpdump for port 5405 and I can see that the data is already > garbled and not in the clear. It's binary protocol so don't expect some really readable format (like xml/json/...). But with your config it should be unencrypted. You can check message "notice [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none" during start of corosync. Regards, Honza > > [root@node1 ~]# cat /etc/corosync/corosync.conf totem { > version: 2 > cluster_name: OCC > secauth: off > transport: udpu > } > > nodelist { > node { > ring0_addr: node1 > nodeid: 1 > } > > node { > ring0_addr: node2 > nodeid: 2 > } > > node { > ring0_addr: node3 > nodeid: 3 > } > } > > quorum { > provider: corosync_votequorum > } > > logging { > to_logfile: yes > logfile: /var/log/cluster/corosync.log > to_syslog: no > timestamp: on > } > > Thanks and Regards, > S Sathish S > > > ___ > Manage your subscription: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 > 731-d41b18997a64a81a=1=d75dcac1-7d11-41aa-b596-47366bde2862= > https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers > > ClusterLabs home: > https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444 > 731-b3537e65a3f1def4=1=d75dcac1-7d11-41aa-b596-47366bde2862= > https%3A%2F%2Fwww.clusterlabs.org%2F > ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi, On 23/01/2023 01:37, S Sathish S via Users wrote: Hi Team, corosync 2.4.4 version provide mechanism to secure the communication path between nodes of a cluster by default? bcoz in our configuration secauth is turned off but still communication occur is encrypted. Note : Capture tcpdump for port 5405 and I can see that the data is already garbled and not in the clear. It's binary protocol so don't expect some really readable format (like xml/json/...). But with your config it should be unencrypted. You can check message "notice [TOTEM ] Initializing transmit/receive security (NSS) crypto: none hash: none" during start of corosync. Regards, Honza [root@node1 ~]# cat /etc/corosync/corosync.conf totem { version: 2 cluster_name: OCC secauth: off transport: udpu } nodelist { node { ring0_addr: node1 nodeid: 1 } node { ring0_addr: node2 nodeid: 2 } node { ring0_addr: node3 nodeid: 3 } } quorum { provider: corosync_votequorum } logging { to_logfile: yes logfile: /var/log/cluster/corosync.log to_syslog: no timestamp: on } Thanks and Regards, S Sathish S ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/ ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/