Fuel for OpenStack

rsyncd should listen on admin network instead of 0.0.0.0

Bug #1614101 reported by Roman Sokolkov
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
High
Maksim Malchuk
Fuel for OpenStack 10.0
Mitaka
Fix Released
High
Maksim Malchuk
Fuel for OpenStack 9.1

Bug Description

Currently rsyncd binds to 0.0.0.0:873, for security reasons it's better to bind to admin network only.

See original description
Roman Sokolkov (rsokolkov)
description: updated
Dmitry Guryanov (dguryanov)
Changed in fuel:
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Fuel Sustaining (fuel-sustaining-team)
milestone: none → 10.0
Maksim Malchuk (mmalchuk)
Changed in fuel:
assignee: Fuel Sustaining (fuel-sustaining-team) → Maksim Malchuk (mmalchuk)
tags: added: area-library team-bugfix
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/356756

Changed in fuel:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/356758

Dmitry Pyzhov (dpyzhov)
information type: Public → Public Security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/356756
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=73ae62e18c7077881dbc6280b3f72f9d9ea7b264
Submitter: Jenkins
Branch: master

commit 73ae62e18c7077881dbc6280b3f72f9d9ea7b264
Author: Maksim Malchuk <email address hidden>
Date: Thu Aug 18 00:27:57 2016 +0300

    Bind rsyncd service to admin network only

    For security reasons rsyncd service should listen on admin network
    only. This change configures both global rsyncd and xinetd files.
    Also, it contains some styling cleanups.

    Change-Id: I76987935edbae602636b556d26b2fca83eff29d8
    Closes-Bug: #1614101
    Signed-off-by: Maksim Malchuk <email address hidden>

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/356758
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=4cacdbb9b7db64259e3985b5bba80c844130c40c
Submitter: Jenkins
Branch: stable/mitaka

commit 4cacdbb9b7db64259e3985b5bba80c844130c40c
Author: Maksim Malchuk <email address hidden>
Date: Thu Aug 18 00:27:57 2016 +0300

    Bind rsyncd service to admin network only

    For security reasons rsyncd service should listen on admin network
    only. This change configures both global rsyncd and xinetd files.
    Also, it contains some styling cleanups.

    Change-Id: I76987935edbae602636b556d26b2fca83eff29d8
    Closes-Bug: #1614101
    Signed-off-by: Maksim Malchuk <email address hidden>
    (cherry picked from commit 73ae62e18c7077881dbc6280b3f72f9d9ea7b264)

Tatyana Kuterina (tkuterina)
tags: added: on-verification
Revision history for this message
Tatyana Kuterina (tkuterina) wrote :

Verified on 9.1 snapshot #173

tags: removed: on-verification
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0rc1

This issue was fixed in the openstack/fuel-library 10.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 10.0.0

This issue was fixed in the openstack/fuel-library 10.0.0 release.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.