[1552] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] signing syslog files with PGP

daemon@ATHENA.MIT.EDU (Hannes R. Boehm)
Mon May 26 07:14:01 1997

Date: Sun, 25 May 1997 19:16:01 +0200
From: "Hannes R. Boehm" <hannes@boehm.org>
To: linux-security@redhat.com
Cc: hannes@boehm.org
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


I am thinking about writing some sort of deamon which signs syslog
files with PGP.

This should help dedecting unauthorised changes in the syslog files.

What I have in mind works as follows:

Whenever a new line is added to a syslog file the existing syslog file
checked against the privious made signature. If the file passes this
test, the new line(s) is/are added. Then a new signature is computed,
and stored.

If the secret key ring is modified or deleted or the syslog files have
been changed by hand, the deamon can=B4t verify the signature and will
alarm the system administrator.

To decrease the cpu load the deamon could wait until it has received a
bunch of syslog messages before actually writing them to the file.

To prohibit unauthorised access to the secret key, the key ring is
protected by a pass-phrase which is only known by the system
administrator and has to be entered on startup.


> What do you think about this concept ?

If you think this will [not] work, please write me a short message.


Hannes R. Boehm

[mod: reformatted, deleted PGP signature. Sorry. -- REW]

--
!------------------------------------------------------------------!
  Hannes R. Boehm
        email   : hannes@boehm.org
        www     : http://hannes.boehm.org
        PGP-key : http://hannes.boehm.org/hannes-pgp.asc
!------------------------------------------------------------------!


home help back first fref pref prev next nref lref last post