Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On Sun, 2023-03-26 at 10:42 +, S Sathish S via Users wrote: > Hi Jan, > > In Corosync which all scenario it send cpg message and what is impact > if we are not secure communication. Pacemaker uses CPG extensively to communicate between nodes. Sensitive information such as the entire CIB is passed via CPG. > Any outsider attacker can manipulate the system using unencrypted > communication. An outsider who can intercept network traffic between cluster nodes could view data such as the CIB when encryption is not used. If the outsider can also sit as a "man-in-the-middle," manipulating the network traffic, then it could also easily gain access to cluster nodes. > Corosync used for heartbeat communication in that we don’t have any > sensitive data really need to secure ? if not then any other > sensitive data transferred via corosync communication. Corosync's cluster membership protocol handles the heartbeat; CPG is a cluster messaging protocol, allowing cluster nodes to send data to each other, so it depends on what uses CPG. In this case, Pacemaker uses CPG for sensitive data. > > Thanks and Regards, > S Sathish S -- Ken Gaillot ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On 26/03/2023 12:42, S Sathish S wrote: Hi Jan, Hi, In Corosync which all scenario it send cpg message and what is impact if we are not secure communication. It really depends of what services are used, but generally speaking corosync without cpg is not super useful so I guess cpg is probably used... 1. Any outsider attacker can manipulate the system using unencrypted communication. yes 2. Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure ? if not then any other sensitive data transferred via corosync communication. Not sure I understand question - but in general modifying corosync messages can lead to huge problems. If attacker can really change messages it's super easy to change membership, make it unstable, ... it's not really just about changing content of cpg data. What is the point to turn off encryption? Regards, Honza Thanks and Regards, S Sathish S ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi Jan, In Corosync which all scenario it send cpg message and what is impact if we are not secure communication. 1. Any outsider attacker can manipulate the system using unencrypted communication. 2. Corosync used for heartbeat communication in that we don't have any sensitive data really need to secure ? if not then any other sensitive data transferred via corosync communication. Thanks and Regards, S Sathish S ___ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
On 23/01/2023 10:38, S Sathish S wrote:
Hi Jan/Team,
Yes , In syslog we noticed "crypto: none" during startup of corosync service.
Ok, so then communication is unencrypted.
In Corosync communication which protocols/ports transfer sensitive data which
need to be secured ?
Corosync implements its own protocol and for udpu it is using port 5405
by default.
Or It will have only binary protocol like 5405 port for all corosync
communication?
Yes
Basically if you dump UDP traffic port 5405 you should see messages sent
via cpg.
For example I've tried:
tcpdump -i eth1 -nN -nn udp
and send "This is nice test" using testcpg (which is using CPG group
called GROUP) and entry
"16:12:22.534234 IP 192.168.63.35.52319 > 192.168.63.36.5405: UDP,
length 321
E..]D?@.@.?#..?$._...I.".."..?#..)...(...?#o.aGROUPU..This
is nice test"
was logged.
Regards,
Honza
Thanks and Regards,
S Sathish S
-Original Message-
From: Jan Friesse
Sent: 23 January 2023 14:50
To: Cluster Labs - All topics related to open-source clustering welcomed
Cc: S Sathish S
Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the
communication by default
Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
Hi Team,
corosync 2.4.4 version provide mechanism to secure the communication path
between nodes of a cluster by default? bcoz in our configuration secauth is
turned off but still communication occur is encrypted.
Note : Capture tcpdump for port 5405 and I can see that the data is already
garbled and not in the clear.
It's binary protocol so don't expect some really readable format (like
xml/json/...). But with your config it should be unencrypted. You can check message
"notice [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
[root@node1 ~]# cat /etc/corosync/corosync.conf totem {
version: 2
cluster_name: OCC
secauth: off
transport: udpu
}
nodelist {
node {
ring0_addr: node1
nodeid: 1
}
node {
ring0_addr: node2
nodeid: 2
}
node {
ring0_addr: node3
nodeid: 3
}
}
quorum {
provider: corosync_votequorum
}
logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: no
timestamp: on
}
Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
731-d41b18997a64a81a=1=d75dcac1-7d11-41aa-b596-47366bde2862=
https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers
ClusterLabs home:
https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
731-b3537e65a3f1def4=1=d75dcac1-7d11-41aa-b596-47366bde2862=
https%3A%2F%2Fwww.clusterlabs.org%2F
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi Jan/Team,
Yes , In syslog we noticed "crypto: none" during startup of corosync service.
In Corosync communication which protocols/ports transfer sensitive data which
need to be secured ?
Or It will have only binary protocol like 5405 port for all corosync
communication?
Thanks and Regards,
S Sathish S
-Original Message-
From: Jan Friesse
Sent: 23 January 2023 14:50
To: Cluster Labs - All topics related to open-source clustering welcomed
Cc: S Sathish S
Subject: Re: [ClusterLabs] corosync 2.4.4 version provide secure the
communication by default
Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
> Hi Team,
>
> corosync 2.4.4 version provide mechanism to secure the communication path
> between nodes of a cluster by default? bcoz in our configuration secauth is
> turned off but still communication occur is encrypted.
>
> Note : Capture tcpdump for port 5405 and I can see that the data is already
> garbled and not in the clear.
It's binary protocol so don't expect some really readable format (like
xml/json/...). But with your config it should be unencrypted. You can check
message "notice [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
>
> [root@node1 ~]# cat /etc/corosync/corosync.conf totem {
> version: 2
> cluster_name: OCC
> secauth: off
> transport: udpu
> }
>
> nodelist {
> node {
> ring0_addr: node1
> nodeid: 1
> }
>
> node {
> ring0_addr: node2
> nodeid: 2
> }
>
> node {
> ring0_addr: node3
> nodeid: 3
> }
> }
>
> quorum {
> provider: corosync_votequorum
> }
>
> logging {
> to_logfile: yes
> logfile: /var/log/cluster/corosync.log
> to_syslog: no
> timestamp: on
> }
>
> Thanks and Regards,
> S Sathish S
>
>
> ___
> Manage your subscription:
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
> 731-d41b18997a64a81a=1=d75dcac1-7d11-41aa-b596-47366bde2862=
> https%3A%2F%2Flists.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers
>
> ClusterLabs home:
> https://protect2.fireeye.com/v1/url?k=31323334-501d5122-313273af-45444
> 731-b3537e65a3f1def4=1=d75dcac1-7d11-41aa-b596-47366bde2862=
> https%3A%2F%2Fwww.clusterlabs.org%2F
>
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
Re: [ClusterLabs] corosync 2.4.4 version provide secure the communication by default
Hi,
On 23/01/2023 01:37, S Sathish S via Users wrote:
Hi Team,
corosync 2.4.4 version provide mechanism to secure the communication path
between nodes of a cluster by default? bcoz in our configuration secauth is
turned off but still communication occur is encrypted.
Note : Capture tcpdump for port 5405 and I can see that the data is already
garbled and not in the clear.
It's binary protocol so don't expect some really readable format (like
xml/json/...). But with your config it should be unencrypted. You can
check message "notice [TOTEM ] Initializing transmit/receive security
(NSS) crypto: none hash: none" during start of corosync.
Regards,
Honza
[root@node1 ~]# cat /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: OCC
secauth: off
transport: udpu
}
nodelist {
node {
ring0_addr: node1
nodeid: 1
}
node {
ring0_addr: node2
nodeid: 2
}
node {
ring0_addr: node3
nodeid: 3
}
}
quorum {
provider: corosync_votequorum
}
logging {
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: no
timestamp: on
}
Thanks and Regards,
S Sathish S
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
