Scalr 5.1 MySQL-PostgreSQL


adrian.fuent...@innovation4security.com

20 Feb 2015, 08:23:58
to scalr-...@googlegroups.com
Hi all,

I have been playing with the MySQL and PostgreSQL roles and I have realized that passwords appear in clear text in the scalarizr logs. They appear in this file:

(-rw-r--r--) /var/log/scalarizr_update.log

As you can see, everybody can read this file, so everybody can see the password in clear text. I know that the user doesn't appear, but somebody who looks for a little information about Scalr will find the default Scalr user for databases.

Another file is the following:
(-rw-------) /var/log/scalarizr_debug.log

Here you can find logs like 

"DEBUG - scalarizr.services.mysql - INSERT INTO mysql.user VALUES('localhost','foo',PASSWORD('bar'),'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','','','','',0,0,0,0,'','');"

I know that only root can read and write it, but is that secure?

Is there any way to deactivate logs for scalarizr from scalr server?

On the other hand, I am just trying to understand how replication works with the MySQL and PostgreSQL roles in AWS. I have seen that when a new slave instance is launched, a snapshot is created and a new volume from this snapshot is used for the slave node. After this, how is information sent to the slave? Is it possible to write to the master node when the slave is launched? I haven't seen any rsync or anything like that. Could you explain it to me? I tried to find something in your wiki but I didn't get it.

Thanks in advance!!





Thomas Orozco

20 Feb 2015, 18:01:53
to scalr-...@googlegroups.com
Hey Adrian,

Two things:
- The update log should only have one key, which is a one-time key that is not used by MySQL, and is expired / revoked shortly after Scalarizr starts. Nonetheless, we'll shortly set the permissions to 600 on this log. 
- The debug log does have the MySQL password, but if someone can read it then they can subvert MySQL anyway. However, if having the password in the log makes you uncomfortable, you can truncate the log anyway. 

Does this help?

Cheers, 

-- Thomas | Product Manager @ Scalr | tho...@scalr.com | www.scalr.com | blog.scalr.com
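
As an added example (not part of the thread and not Scalarizr's own code): a Python logging filter that masks the literal inside `PASSWORD('...')` before a DEBUG line like the one quoted above reaches the file, together with a check for logs readable beyond their owner and a helper that creates the log as 0600. It goes slightly beyond the quoted line by also covering `IDENTIFIED BY '...'`; the names `redact_sql`, `RedactSQLSecrets`, `others_can_read` and `open_private_log` are hypothetical.

```python
import logging
import os
import re
import stat

# Quoted literal after PASSWORD( or IDENTIFIED BY, allowing the SQL escapes
# '' and \' inside the literal. Only the secret is matched, not the user name.
_SECRET = re.compile(
    r"\b(PASSWORD\s*\(\s*|IDENTIFIED\s+BY\s+)'(?:[^'\\]|\\.|'')*'",
    re.IGNORECASE,
)


def redact_sql(text):
    """Replace the password literal in a SQL statement with '***'."""
    return _SECRET.sub(lambda m: m.group(1) + "'***'", text)


class RedactSQLSecrets(logging.Filter):
    """Attach to a handler so every record is masked before it is emitted."""

    def filter(self, record):
        # Render msg % args first: the secret may arrive as an argument.
        record.msg = redact_sql(record.getMessage())
        record.args = None
        return True


def others_can_read(path):
    """True if group or other has read permission (e.g. mode 0644)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def open_private_log(path):
    """Open a log for appending with mode 0600, independent of the umask."""
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    os.fchmod(fd, 0o600)  # also tightens a file that already existed
    return os.fdopen(fd, "a")


if __name__ == "__main__":
    # Constructed sample modelled on the DEBUG line quoted in the thread.
    handler = logging.StreamHandler(open_private_log("demo_debug.log"))
    handler.addFilter(RedactSQLSecrets())
    log = logging.getLogger("demo.mysql")
    log.setLevel(logging.DEBUG)
    log.addHandler(handler)
    log.debug("INSERT INTO mysql.user VALUES('localhost','foo',PASSWORD('%s'));", "bar")
    print(others_can_read("demo_debug.log"))
```

Masking at the handler keeps the secret out of the file even when the file's permissions are later loosened or the log is shipped elsewhere.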
