Bacula TLS – Communications Encryption

投稿者: | 2014年6月11日

Bacula TLS – Communications Encryption

Bacula TLS (Transport Layer Security) is built-in network encryption code to provide secure network transport similar to that offered by stunnel or ssh. The data written to Volumes by the Storage daemon is not encrypted by this code. For data encryption, please see the Data Encryption ChapterDataEncryption of this manual.

The Bacula encryption implementations were written by Landon Fuller.

Supported features of this code include:

  • Client/Server TLS Requirement Negotiation
  • TLSv1 Connections with Server and Client Certificate Validation
  • Forward Secrecy Support via Diffie-Hellman Ephemeral Keying

This document will refer to both “server” and “client” contexts. These terms refer to the accepting and initiating peer, respectively.

Diffie-Hellman anonymous ciphers are not supported by this code. The use of DH anonymous ciphers increases the code complexity and places explicit trust upon the two-way CRAM-MD5 implementation. CRAM-MD5 is subject to known plaintext attacks, and it should be considered considerably less secure than PKI certificate-based authentication.

Appropriate autoconf macros have been added to detect and use OpenSSL if enabled on the ./configure line with --with-openssl

TLS Configuration Directives

Additional configuration directives have been added to all the daemons (Director, File daemon, and Storage daemon) as well as the various different Console programs. These new directives are defined as follows:

TLS Enable = yes|no
Enable TLS support. If TLS is not enabled, none of the other TLS directives have any effect. In other words, even if you set TLS Require = yes you need to have TLS enabled or TLS will not be used. 

TLS Require = yes|no
Require TLS connections. This directive is ignored unless TLS Enable is set to yes. If TLS is not required, and TLS is enabled, then Bacula will connect with other daemons either with or without TLS depending on what the other daemon requests. If TLS is enabled and TLS is required, then Bacula will refuse any connection that does not use TLS. 

TLS Certificate = Filename
The full path and filename of a PEM encoded TLS certificate. It can be used as either a client or server certificate. PEM stands for Privacy Enhanced Mail, but in this context refers to how the certificates are encoded. It is used because PEM files are base64 encoded and hence ASCII text based rather than binary. They may also contain encrypted information. 

TLS Key = Filename
The full path and filename of a PEM encoded TLS private key. It must correspond to the TLS certificate. 

TLS Verify Peer = yes|no
Verify peer certificate. Instructs server to request and verify the client’s x509 certificate. Any client certificate signed by a known-CA will be accepted unless the TLS Allowed CN configuration directive is used, in which case the client certificate must correspond to the Allowed Common Name specified. This directive is valid only for a server and not in a client context. 

TLS Allowed CN = string list
Common name attribute of allowed peer certificates. If this directive is specified, all server certificates will be verified against this list. This can be used to ensure that only the CA-approved Director may connect. This directive may be specified more than once. 

TLS CA Certificate File = Filename
The full path and filename specifying a PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file. One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context if TLS Verify Peer (see above) is also specified, and are always required in a client context. 

TLS CA Certificate Dir = Directory
Full path to TLS CA certificate directory. In the current implementation, certificates must be stored PEM encoded with OpenSSL-compatible hashes, which is the subject name’s hash and an extension of .0. One of TLS CA Certificate Fileor TLS CA Certificate Dir are required in a server context if TLS Verify Peer is also specified, and are always required in a client context. 

TLS DH File = Directory
Path to PEM encoded Diffie-Hellman parameter file. If this directive is specified, DH key exchange will be used for the ephemeral keying, allowing for forward secrecy of communications. DH key exchange adds an additional level of security because the key used for encryption/decryption by the server and the client is computed on each end and thus is never passed over the network if Diffie-Hellman key exchange is used. Even if DH key exchange is not used, the encryption/decryption key is always passed encrypted. This directive is only valid within a server context.To generate the parameter file, you may use openssl:

 

 
   openssl dhparam -out dh1024.pem -5 1024

 

 

Creating a Self-signed Certificate

You may create a self-signed certificate for use with the Bacula TLS that will permit you to make it function, but will not allow certificate validation. The .pem file containing both the certificate and the key valid for ten years can be made with the following:

   openssl req -new -x509 -nodes -out bacula.pem -keyout bacula.pem -days 3650

The above script will ask you a number of questions. You may simply answer each of them by entering a return, or if you wish you may enter your own data.

Note, however, that self-signed certificates will only work for the outgoing end of connections. For example, in the case of the Director making a connection to a File Daemon, the File Daemon may be configured to allow self-signed certificates, but the certificate used by the Director must be signed by a certificate that is explicitly trusted on the File Daemon end.

This is necessary to prevent man in the middle” attacks from tools such as ettercap. Essentially, if the Director does not verify that it is talking to a trusted remote endpoint, it can be tricked into talking to a malicious 3rd party who is relaying and capturing all traffic by presenting its own certificates to the Director and File Daemons. The only way to prevent this is by using trusted certificates, so that the man in the middle is incapable of spoofing the connection using his own.

To get a trusted certificate (CA or Certificate Authority signed certificate), you will either need to purchase certificates signed by a commercial CA or find a friend that has setup his own CA or become a CA yourself, and thus you can sign all your own certificates. The book OpenSSL by John Viega, Matt Mesier & Pravir Chandra from O’Reilly explains how to do it, or you can read the documentation provided in the Open-source PKI Book project at Source Forge:http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm. Note, this link may change.

The program TinyCA has a very nice Graphical User Interface that allows you to easily setup and maintain your own CA. TinyCA can be found at http://tinyca.sm-zone.net/.

Getting a CA Signed Certificate

The process of getting a certificate that is signed by a CA is quite a bit more complicated. You can purchase one from quite a number of PKI vendors, but that is not at all necessary for use with Bacula. To get a CA signed certificate, you will either need to find a friend that has setup his own CA or to become a CA yourself, and thus you can sign all your own certificates. The book OpenSSL by John Viega, Matt Mesier & Pravir Chandra from O’Reilly explains how to do it, or you can read the documentation provided in the Open-source PKI Book project at Source Forge: http://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-html/ospki-book.htm. Note, this link may change.

Example TLS Configuration Files

Landon has supplied us with the TLS portions of his configuration files, which should help you setting up your own. Note, this example shows the directives necessary for a Director to Storage daemon session. The technique is the same between the Director and the Client and for bconsole to the Director.

bacula-dir.conf

   Director {                            # define myself
     Name = backup1-dir
     ...
     TLS Enable = yes
     TLS Require = yes
     TLS Verify Peer = yes
     TLS Allowed CN = "bacula@backup1.example.com"
     TLS Allowed CN = "administrator@example.com"
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     # This is a server certificate, used for incoming
     # console connections.
     TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
     TLS Key = /usr/local/etc/ssl/backup1/key.pem
   }

   Storage {
     Name = File
     Address = backup1.example.com
     ...
     TLS Require = yes
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     # This is a client certificate, used by the director to
     # connect to the storage daemon
     TLS Certificate = /usr/local/etc/ssl/bacula@backup1/cert.pem
     TLS Key = /usr/local/etc/ssl/bacula@backup1/key.pem
   }

   Client {
     Name = backup1-fd
     Address = server1.example.com
     ...
   
     TLS Enable = yes
     TLS Require = yes
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
   }

bacula-fd.conf

   Director {
     Name = backup1-dir
     ...
     TLS Enable = yes
     TLS Require = yes
     TLS Verify Peer = yes
     # Allow only the Director to connect
     TLS Allowed CN = "bacula@backup1.example.com"
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     # This is a server certificate. It is used by connecting
     # directors to verify the authenticity of this file daemon
     TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
     TLS Key = /usr/local/etc/ssl/server1/key.pem
   }

  FileDaemon {
     Name = backup1-fd
     ...
     # you need these TLS entries so the SD and FD can
     # communicate
     TLS Enable = yes
     TLS Require = yes

     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     TLS Certificate = /usr/local/etc/ssl/server1/cert.pem
     TLS Key = /usr/local/etc/ssl/server1/key.pem
}

bacula-sd.conf

   Storage {                             # definition of myself
     Name = backup1-sd
     ...
     # These TLS configuration options are used for incoming
     # file daemon connections. Director TLS settings are handled
     # below.
     TLS Enable = yes
     TLS Require = yes
     # Peer certificate is not required/requested -- peer validity
     # is verified by the storage connection cookie provided to the
     # File Daemon by the director.
     TLS Verify Peer = no
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     # This is a server certificate. It is used by connecting
     # file daemons to verify the authenticity of this storage daemon
     TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
     TLS Key = /usr/local/etc/ssl/backup1/key.pem
   }

   #
   # List Directors who are permitted to contact Storage daemon
   #
   Director {
     Name = backup1-dir
     ...
     TLS Enable = yes
     TLS Require = yes
     # Require the connecting director to provide a certificate
     # with the matching CN.
     TLS Verify Peer = yes
     TLS Allowed CN = "bacula@backup1.example.com"
     TLS CA Certificate File = /usr/local/etc/ssl/ca.pem
     # This is a server certificate. It is used by the connecting
     # director to verify the authenticity of this storage daemon
     TLS Certificate = /usr/local/etc/ssl/backup1/cert.pem
     TLS Key = /usr/local/etc/ssl/backup1/key.pem
   }

 

カテゴリー: