Skip to content

Log Insight 2.5: No POODLE

There have been two major security vulnerabilities exposed this year that impacted most VMware products: ShellShock and POODLE. Log Insight addressed ShellShock by releasing a patch for Log Insight 1.5 GA, 2.0 GA and 2.5 TP3 and newer. In Log Insight 2.5 GA the POODLE attack has also been mitigated. In short, SSLv3 has been disabled. To my knowledge, this is the first VMware product with a server-side fix against POODLE that does not require manual user intervention. Note previous versions of Log Insight have not been patched. If you wish to disable SSLv3 on previous versions of Log Insight, read on.
no_poodle

To disable SSLv3 on previous versions of Log Insight, SSH to the virtual appliance and edit /usr/lib/loginsight/application/etc/3rd_config/server.xml. Search for “XX_STRATA_HTTPS_PORT_XX” and you will find a section that looks like:

To this section, a protocols name/value pair needs to be added so the section looks like this:

Now just restart the Log Insight service (service loginsight restart) and you are all set. You can easily verify that SSLv3 is disabled by running a remote command from a system with openssl installed. If SSLv3 is enabled you will see:

If SSLv3 is disabled you will see:

© 2014, Steve Flanders. All rights reserved.

Published inVMware

Be First to Comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *