Last Modified: Oct 04, 2024
Affected Product(s):
BIG-IP SSLO
Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4
Opened: Feb 28, 2023 Severity: 2-Critical
In the Appliance mode, access to the advanced shell(bash)/root is removed. In this scenario, SSL Orchestrator writes audit logs to the local file system which is inaccessible in this mode.
You cannot access SSL Orchestrator Audit logs as the access to shell is restricted.
BIG-IP system running in the appliance mode.
Configure syslog to write logs from the ssloAudit.log file to the remote logging server. 1. Run the syslog server on the remote destination 2. Log in to tmsh by entering the following command: tmsh 3. Modify syslog configuration to write the audit logs to syslog server using UDP protocol modify sys syslog include 'source s_sslo_audit { file("/var/log/restnoded/ssloAudit.log" follow_freq(1) flags(no-parse)); }; destination d_to_secure_syslog { syslog(<remote-server-ip> transport(udp) port(514) ); }; log { source(s_sslo_audit);destination(d_to_secure_syslog); };' 4. To save the configuration, enter the following command: save /sys config 5. For BIG-IP systems in a high availability (HA) configuration, perform a ConfigSync to synchronize the changes to the other devices in the device group.
None