vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-12-13 09:02:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1701 from alexandr-san4ez/T4251-current-fix2

Browse Source 
syslog: T4251: Rename "permitted-peers" to "permitted-peer"
This commit is contained in:
Viacheslav Hletenko 2025-11-28 14:18:02 +02:00 committed by GitHub
commit 155ddbd19d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/configuration/system/syslog.rst
View File

@ -151,19 +151,19 @@ if you attempt to enable TLS while using UDP, the system will issue a warning.
* **anon** - allow encrypted connection without verifying peer identity
(not recommended, vulnerable to :abbr:`MITM (Man-in-the-Middle)`).
* **fingerprint** - verify the peer certificate against an explicitly
configured fingerprint list (set with ``permitted-peers``).
configured fingerprint list (set with ``permitted-peer``).
* **certvalid** - validate that the peer presents a certificate signed by
a trusted CA, but do not check the certificate subject name
(:abbr:`CN (Common Name)`).
* **name** - validate that the peer presents a certificate signed by a
trusted CA and that the certificates CN matches the value configured in
``permitted-peers``. This is the recommended secure mode for production.
``permitted-peer``. This is the recommended secure mode for production.
.. note:: The default value for the authentication mode is ``anon``.
.. cfgcmd:: set system syslog remote <address> tls permitted-peers <peer_list>
.. cfgcmd:: set system syslog remote <address> tls permitted-peer <peer>
Comma-separated list of permitted peers or certificates subject names (CN).
Allowed peer certificate fingerprint or subject name (CN).
* In ``fingerprint`` authentication mode: provide one or more peer
certificate fingerprints (SHA1 or SHA256).
@ -195,7 +195,7 @@ Examples:
set system syslog remote syslog.example.com protocol tcp
set system syslog remote syslog.example.com tls ca-certificate my-ca
set system syslog remote syslog.example.com tls auth-mode fingerprint
set system syslog remote syslog.example.com tls permitted-peers 'SHA1:10:C4:26:...,SHA256:7B:4B:10:...'
set system syslog remote syslog.example.com tls permitted-peer 'SHA1:10:C4:26:...'
# Example of 'name' authentication mode
set system syslog remote graylog.example.com facility all level debug
@ -204,7 +204,7 @@ Examples:
set system syslog remote graylog.example.com tls ca-certificate my-ca
set system syslog remote graylog.example.com tls certificate syslog-client
set system syslog remote graylog.example.com tls auth-mode name
set system syslog remote graylog.example.com tls permitted-peers 'graylog.example.com'
set system syslog remote graylog.example.com tls permitted-peer 'graylog.example.com'
Security Notes
^^^^^^^^^^^^^^