You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "Ferenc Gerlits (Jira)" <ji...@apache.org> on 2021/06/03 07:31:00 UTC

[jira] [Updated] (MINIFICPP-1579) Fingerprinting of the conf file in agent's heartbeat

     [ https://issues.apache.org/jira/browse/MINIFICPP-1579?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ferenc Gerlits updated MINIFICPP-1579:
--------------------------------------
    Description: 
It'd be useful to add the fingerprint of the configuration file(s) of the agent and have this information as part of the heartbeat. This would be used to make sure no one is changing the configuration files locally for agents deployed on non trusted hosts.

TBD: A strong enough algorithm should be used to make sure this can't be spoofed (SHA256 or 512?). Or the value could be signed?

TBD: Do we need both the properties file and the config.yml file, or only the properties file?  (and does "properties file" mean all of minifi.properties, minifi-log.properties, minifi-uid.properties, bootstrap.conf? – probably yes)

  was:
It'd be useful to add the fingerprint of the configuration file(s) of the agent and have this information as part of the heartbeat. This would be used to make sure no one is changing the configuration files locally for agents deployed on non trusted hosts.

TBD: A strong enough algorithm should be used to make sure this can't be spoofed (SHA256 or 512?). Or the value could be signed?

TBD: Do we need both the properties file and the config.yml file, or only the properties file?


> Fingerprinting of the conf file in agent's heartbeat
> ----------------------------------------------------
>
>                 Key: MINIFICPP-1579
>                 URL: https://issues.apache.org/jira/browse/MINIFICPP-1579
>             Project: Apache NiFi MiNiFi C++
>          Issue Type: Task
>            Reporter: Ferenc Gerlits
>            Assignee: Ferenc Gerlits
>            Priority: Major
>             Fix For: 0.11.0
>
>
> It'd be useful to add the fingerprint of the configuration file(s) of the agent and have this information as part of the heartbeat. This would be used to make sure no one is changing the configuration files locally for agents deployed on non trusted hosts.
> TBD: A strong enough algorithm should be used to make sure this can't be spoofed (SHA256 or 512?). Or the value could be signed?
> TBD: Do we need both the properties file and the config.yml file, or only the properties file?  (and does "properties file" mean all of minifi.properties, minifi-log.properties, minifi-uid.properties, bootstrap.conf? – probably yes)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)