22 days ago
We have been running a jump host on our infrastructure in order to securely connect to node debuggers from extra locations. The jump host runs openssh on top of Kali linux, exposes the SSH port via TCP forwarding (fully locked down, only pubkey authentication allowed) and allows port forwarding to the node.js inspector ports on the internal network.
Up until yesterday, everything was working fine.
When the container was redeployed yesterday (April 29), we started seeing new errors related to audit syscalls emitted by sshd:
debug1: audit_event: unhandled event 12
linux_audit_write_entry failed: Operation not permittedDid the railway team lock down the audit syscalls in containers yesterday?
This seems very similar to https://bugzilla.redhat.com/show%5Fbug.cgi?id=1923728
Thanks,
Phil.
4 Replies
Status changed to Awaiting Railway Response Railway • 22 days ago
Status changed to Awaiting User Response Railway • 22 days ago
21 days ago
Thank you for confirming @brody.
Are these kind of low-level changes announced anywhere? https://railway.com/changelog doesn't say anything...
Status changed to Awaiting Railway Response Railway • 21 days ago
21 days ago
These types of low-level security hardening changes aren't published to the changelog.
Status changed to Awaiting User Response Railway • 21 days ago
21 days ago
OK, good to know, thank you.
Status changed to Awaiting Railway Response Railway • 21 days ago
Status changed to Solved philtroinr • 21 days ago