2

Heartbleed openSSL puppet

asked 2014-04-09 14:57:07 -0500

Luke

Does anyone know of the security implications with Puppet and the Heartbleed bug? I know puppet utilizes SSL for certificate generation.

(I am not too worried since my puppet masters are behind a firewall; however, some of my front-facing servers are managed by puppet).


Comments

If heartbleed reveals memory contents, it is possible that all memory managed by puppetmaster process has been revealed. Does this memory contain secrets defined e.g. in hiera? Potentially this ...(more)

bL ( 2014-04-10 02:21:40 -0500 )

The thing with heartbleed is that it can potentially reveal your private keys to an attacker, allowing them to sniff agent/master communication and/or perform Man In The Middle ...(more)

ffrank ( 2014-04-10 04:34:41 -0500 )

2 Answers

1

answered 2014-04-09 17:03:23 -0500

ffrank

updated 2014-04-10 04:52:19 -0500

This has been announced to the users' mailing list already. See the official site for all the info.

Updated information has been released in another thread.

1

answered 2014-04-10 09:15:30 -0500

Luke

updated 2014-04-10 13:02:16 -0500

Just to give everyone more info on what I did with open source puppet. Using puppetdb and dashboard.

Ensure all systems are upgraded to the latest openssl version.

On my ubuntu clients

Manual

apt-get update
apt-get install openssl libssl1.0.0
service apache2 restart

Puppet code

package { ["openssl", "libssl1.0.0"]:
  ensure  => latest,
  require => Package["apache2"],
  notify  => Service["apache2"],
}

Clean all certs on puppet masters and clients.

On Master

yum upgrade openssl
service puppetmaster stop
service puppetdb stop
service puppet-dashboard stop

Kill the dashboard/delayed_job if required

ps aux | grep dashboard
kill PID

Back up and remove ssl directories

cp -r /var ...
(more)
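
An added example, not part of Luke's answer or of Puppet itself: the upgrade step above restarts only apache2, so this script lists every process that still maps the old, replaced libssl/libcrypto and therefore still needs a restart. The function names and the sample `/proc` tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): list processes that still map
# the pre-upgrade OpenSSL library. When a package upgrade replaces a .so, the
# kernel tags existing mappings of the old file "(deleted)" in /proc/<pid>/maps.

# Print each distinct deleted libssl/libcrypto path in one maps file.
# Exit status 0 if any was found, 1 otherwise.
stale_ssl_in_maps() {
  awk '$NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
         if (!seen[$6]++) print $6
         found = 1
       }
       END { exit (found ? 0 : 1) }' "$1" 2>/dev/null
}

# Print "pid command library" for every process under PROC_ROOT (default /proc)
# that needs a restart to pick up the upgraded library.
scan_stale_ssl() {
  local root="${1:-/proc}" maps pid comm lib
  for maps in "$root"/[0-9]*/maps; do
    [ -r "$maps" ] || continue
    pid="${maps%/maps}"; pid="${pid##*/}"
    comm="$(cat "$root/$pid/comm" 2>/dev/null || echo '?')"
    stale_ssl_in_maps "$maps" | while read -r lib; do
      printf '%s %s %s\n' "$pid" "$comm" "$lib"
    done
  done
}

# Constructed sample: a fake /proc tree with one process that was not
# restarted after the upgrade (101) and one that was (202).
make_sample_proc() {
  local root; root="$(mktemp -d)"
  mkdir -p "$root/101" "$root/202"
  echo apache2 > "$root/101/comm"; echo nginx > "$root/202/comm"
  cat > "$root/101/maps" <<'EOF'
7f3a10000000-7f3a10055000 r-xp 00000000 08:01 1311 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a10255000-7f3a10258000 r--p 00055000 08:01 1311 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a0fc00000-7f3a0fdb0000 r-xp 00000000 08:01 1312 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
EOF
  cat > "$root/202/maps" <<'EOF'
7f9b20000000-7f9b20055000 r-xp 00000000 08:01 2411 /lib/x86_64-linux-gnu/libssl.so.1.0.0
EOF
  echo "$root"
}

# With no argument, run on the constructed tree; pass /proc to scan a live host.
if [ -n "${1:-}" ]; then scan_stale_ssl "$1"
else demo="$(make_sample_proc)"; scan_stale_ssl "$demo"; rm -rf "$demo"; fi
```

Run it as root with `/proc` as the argument so every process's maps file is readable; an empty result means no running process still holds the replaced library.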


Stats

Asked: 2014-04-09 14:57:07 -0500

Seen: 278 times

Last updated: Apr 10 '14