infix icon indicating copy to clipboard operation
infix copied to clipboard
verified publisher icon kernelkit

Worrying rousette warnings in log

Open troglobit opened this issue 11 months ago • 3 comments

Suggest patching these two logs that might look a bit worrying to end users:

Jan 14 05:42:12 ix-00-00-00 rousette[3439]: [2025-01-14 05:42:12.277] [rousette] [info] NACM config validation: Anonymous user access disabled 
Jan 14 05:42:12 ix-00-00-00 rousette[3439]: [2025-01-14 05:42:12.278] [rousette] [warning] Telemetry disabled. No CzechLight YANG modules found.

troglobit avatar Jan 15 '25 16:01 troglobit

Agree!

mattiaswal avatar Jan 20 '25 08:01 mattiaswal

I would say that the first "info" is more of a security issue that needs to be patched away in rousette (and upstreamed): From the Readme of rousette, annonymous access is enabled when:

1. The first entry of `rule-list` list must be configured for `ANONYMOUS_USER_GROUP`.
2. All the rules except the last one in this rule-list entry must enable only "read" access operation.
3. The last rule in the first rule-set must be a wildcard rule that disables all operations over all modules.

The anonymous user access is disabled whenever these rules are not met.

mattiaswal avatar Jan 21 '25 13:01 mattiaswal

For anonymous we should add a switch to rousette that prefered enable anonymous mode, and test if they accept it.

mattiaswal avatar Jan 21 '25 13:01 mattiaswal