made some changes to my pgp key, updated to all keyservers but not my OSSEC alerts are not coming to me encrypted anymore. Can someone point me in the right direction to find documentation on updating the key within the OSSEC keyring?
Do you mean they’re coming through in cleartext? If so that’s a bug. If not, and you mean that they can’t be decrypted, then you’ll need to update the system config with the new key’s pubkey:
In general, if you want to make system config changes you’ll need to use the admin workstation and run ./securedrop-admin sdconfig to change the required variables and ./securedrop-admin install to update the servers with the changes. It’s documented here:
https://docs.securedrop.org/en/release-1.2.1/admin.html#updating-system-configuration
In this specific case, to update the OSSEC key, you’ll need to
0) take a backup of your instance before you do anything else, just in case!
- copy the public key of the new GPG key into
~/Persistent/securedrop/install_files/ansible-base/on the admin workstation, - get its fingerprint
- run
sdconfigand update the ossec key filename and fingerprint with the values above - run
installto push the new pubkey to the monitor server
You can send test OSSEC alerts via the admin section of the journalist interface - they may take up to 15 minutes to be compiled and sent.
1 Like
No bug, just not decrypting anymore. Thank you, I will give it a go.
im in the Persistent/securedrop$ directory but when I run the ./securedrop-admin sdconfig it says there is no directory. I was then prompted to run securedrop-admin setup' instead and got the network error: 'ERROR: Failed to install pip dependencies. Check network connection and try again
Any suggestions?
Is your admin stick updated to Tails 4.x and the latest SecureDrop version? (1.2.1 at the moment.) That sounds like the errors to be expected if it was behind on either or both. The update to Tails 4 happened a while back with 1.1.0 and you can find more info on that here:
https://docs.securedrop.org/en/release-1.2.1/upgrade/1.0.0_to_1.1.0.html
If that doesn’t help, and you want to share the errors that you’re seeing privately, probably the best way to do so would be via the support portal at https://support.freedom.press/ .