Does anyone know if Filebeat keystore is reversible? is it as secure as the Linux Shadow file?
1 Like
So I'll answer your first question by saying yes, filebeat keystore is just as secure as linux shadow file. As you know, passwords in the shadow file are encrypted and stored and access is limited to root user. In Filebeat Keystore, secure information is defined into an obfuscated or obscure data store and accessed through commands using the Keys' name. Even if someone accesses the data store, they wouldn't be able to decipher the intended meaning of the file because of the intentional distortion.
Both Linux Shadow file and Filebeat Keystore follow the same idea of storing sensitive data into files that cannot be easily understood by someone without access. Whether filebeat keystore is reversible or not, i'm not sure. I know with the shadow file, the data can be unencrypted but with Filebeat Keystore, the user only interfaces with it via Keystore commands.
Hope this helps
1 Like
Thanks! I hope that your answer will be added into Filebeat's documentation.
Hi @danielc,
I need to update my response. I said Filebeat keystore is as secure as the linux shadow file and that's not true.
-
the shadow file is hashed (so it's one way). the keystore needs to get back the original value so is encrypted (you get back the original value)
-
With Filebeat keystore, we always say obfuscate and not encrypt, because we use a blank password (and I think this is still the case looking at Keystore: Allow user to set their own password on the keystore · Issue #5737 · elastic/beats · GitHub)
So these are essentially two very different methods and to say filebeat keystore is just as secure as linux shadow file would be too much of a blanket statement.
Sorry for the confusion.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.