[1552] in linux-security and linux-alert archive
[linux-security] signing syslog files with PGP
daemon@ATHENA.MIT.EDU (Hannes R. Boehm)
Mon May 26 07:14:01 1997
Date: Sun, 25 May 1997 19:16:01 +0200
From: "Hannes R. Boehm" <hannes@boehm.org>
To: linux-security@redhat.com
Cc: hannes@boehm.org
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
I am thinking about writing some sort of deamon which signs syslog
files with PGP.
This should help dedecting unauthorised changes in the syslog files.
What I have in mind works as follows:
Whenever a new line is added to a syslog file the existing syslog file
checked against the privious made signature. If the file passes this
test, the new line(s) is/are added. Then a new signature is computed,
and stored.
If the secret key ring is modified or deleted or the syslog files have
been changed by hand, the deamon can=B4t verify the signature and will
alarm the system administrator.
To decrease the cpu load the deamon could wait until it has received a
bunch of syslog messages before actually writing them to the file.
To prohibit unauthorised access to the secret key, the key ring is
protected by a pass-phrase which is only known by the system
administrator and has to be entered on startup.
> What do you think about this concept ?
If you think this will [not] work, please write me a short message.
Hannes R. Boehm
[mod: reformatted, deleted PGP signature. Sorry. -- REW]
--
!------------------------------------------------------------------!
Hannes R. Boehm
email : hannes@boehm.org
www : http://hannes.boehm.org
PGP-key : http://hannes.boehm.org/hannes-pgp.asc
!------------------------------------------------------------------!