How to secure rsyslog logging into MySQL

Question

I'm looking for a way to encrypt the traffic between our hosts and the logging host in our Debian universe. rsyslog uses the ommysql module and the server is already configured to accept the users' requests only by SSL (GRANT USAGE ON *.* TO testssl@loghost REQUIRE SSL;).

I already tried to create a my.cnf for rsyslog. I provide it to the ommysql module via parameter MySQLConfig.File=... in the /etc/rsyslog.d/mysql.conf file.

The content of the my.cnf:

[client]
  ssl = 1

(I first tried with ssl-mode=REQUIRED, but that failed completely; obviously my current debian buster still doesn't support this option).

Is there anything else I don't see?

score 0 · Answer 1 · answered May 25 '21 at 07:14

I think I found at least a possible solution: When creating and configuring client certificates into the my.cnf that is used for the rsyslog setup, the connection works. This of course brings in even more security, though I was hoping we could do without that extra work.

[client]
  ssl = 1
  ssl-ca=/etc/rsyslog.d/ca-cert.pem
  ssl-cert=/etc/rsyslog.d/client-cert.pem
  ssl-key=/etc/rsyslog.d/client-key.pem

There probably is a better place for these files, at least the permission only allows root to read them.

How to secure rsyslog logging into MySQL

1 Answers1