From 76b4418f937fd1dbaa1061fa5f83f11ea046dc40 Mon Sep 17 00:00:00 2001 From: Noriko Hosoi Date: Thu, 10 Sep 2020 16:35:43 -0700 Subject: [PATCH 3/7] Adding "Port and SELinux" section to README. (cherry picked from commit 5f144bc74edbcd80a53a2fe84aa464f7ea9f44ef) --- README.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0eafde8..db29dc5 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ * [Standalone configuration](#standalone-configuration) * [Client configuration](#client-configuration) * [Server configuration](#server-configuration) + * [Port and SELinux](#port-and-selinux) * [Providers](#providers) * [Tests](#tests) * [Implementation Details](#implementation-details) @@ -111,10 +112,10 @@ This is a schematic logging configuration to show log messages from input_nameA - `ovirt` type - `ovirt` input supports oVirt specific inputs.
For the details, visit [oVirt Support](../../design_docs/rsyslog_ovirt_support.md). -- `remote` type - `remote` input supports receiving logs from the remote logging system over the network. This input type makes rsyslog a server.
+- `remote` type - `remote` input supports receiving logs from the remote logging system over the network.
**available options** - - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. - - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item. + - `udp_ports`: List of UDP port numbers to listen. If set, the `remote` input listens on the UDP ports. No defaults. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. See also [Port and SELinux](#port-and-selinux). + - `tcp_ports`: List of TCP port numbers to listen. If set, the `remote` input listens on the TCP ports. Default to `[514]`. If both `udp_ports` and `tcp_ports` are set in a `remote` input item, `udp_ports` is used and `tcp_ports` is dropped. If both `udp_ports` and `tcp_ports` are not set in a `remote` input item, `tcp_ports: [514]` is added to the item. See also [Port and SELinux](#port-and-selinux). - `tls`: Set to `true` to encrypt the connection using the default TLS implementation used by the provider. Default to `false`. - `pki_authmode`: Specifying the default network driver authentication mode. `x509/name`, `x509/fingerprint`, `anon` is accepted. Default to `x509/name`. - `permitted_clients`: List of hostnames, IP addresses, fingerprints(sha1), and wildcard DNS domains which will be allowed by the `logging` server to connect and send logs over TLS. Default to `['*.{{ logging_domain }}']` 
@@ -591,6 +592,15 @@ The following playbook generates the same logging configuration files. outputs: [remote_files_output0, remote_files_output1] ``` +### Port and SELinux + +SELinux is only configured to allow sending and receiving on the following ports by default: +``` +syslogd_port_t tcp 514, 20514 +syslogd_port_t udp 514, 20514 +``` +If other ports need to be configured, you can use [linux-system-roles/selinux](https://github.com/linux-system-roles/selinux) to manage SELinux contexts. + ## Providers [Rsyslog](roles/rsyslog) - This documentation contains rsyslog specific information. -- 2.26.2
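Review bot: in the `remote` type hunk, the `-`/`+` pair drops the sentence "This input type makes rsyslog a server." without a replacement; that sentence is the only place the reader learns that a `remote` input opens listening sockets on the host, which is exactly why the new "See also [Port and SELinux]" cross-references on `udp_ports` and `tcp_ports` matter. Suggest keeping it, e.g. `- `remote` type - `remote` input supports receiving logs from the remote logging system over the network. This input type makes rsyslog a server; see [Port and SELinux](#port-and-selinux).` Minor wording on the `tcp_ports` line: "If both `udp_ports` and `tcp_ports` are not set" reads more clearly as "If neither `udp_ports` nor `tcp_ports` is set".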
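Review bot: the new "Port and SELinux" section lists the ports labelled `syslogd_port_t` by default (tcp/udp 514 and 20514) but does not state the consequence for a `remote` input configured with any other port: rsyslog will not be permitted to bind it until that port is also labelled `syslogd_port_t`, and the role itself does not do that labelling. Suggest adding one sentence to that effect after the code block, and making the pointer to linux-system-roles/selinux actionable by naming the variable or giving a minimal example of labelling an extra port as `syslogd_port_t` with that role, so the reader is not left to discover the mapping on their own. It is also worth saying explicitly that the documented default `tcp_ports: [514]` is covered by the listed ports, so only non-default `udp_ports`/`tcp_ports` values need extra SELinux work. Style: the fenced block has no language tag; since the contents are a type/proto/port listing rather than code, `text` would be appropriate.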