Wed, 9 Jun 1999 19:29:57 +0200
I am thinking about the way digital hashes on output files should work.
Syslog-ng version 1.0.x implemented things this way:

The hash #0 is generated using some random salt and a password supplied by
the system administrator. The next hash is always generated by the previous
one (or #0 if this is the first) and the current log message sent to the
file. Each hash is stored in a file. Verifying the hashes is simple: you
give the password and check all the written hash entries for validity.
The hash algorithm used was sha1, though it could use md5 just as well.

The problem with the above approach is log rotation. To be really secure the
password may not be saved to the disk, and since starting the hash requires
a password, new log files cannot be started automatically.

A solution could be "delayed hash start". This means that when logfiles are
restarted no start hash is generated, and hashing is not done until the
system admin logs in and initializes hashing by giving his password. After
initialization, a hash is calculated for each message written this far, and
hashing could continue as normal.

The problem with the above may be that, if huge amounts of log had been
written, regenerating hashes could take some time, and could take the log
service down for a while.

Another solution could be "interactive log rotation", where the system
administrator would have to give his password to restart log rotation.

Or yet another, which I like best: syslog-ng generates a random value
which it will use to generate hash #0, then a copy of this random value is
sent to the sysadmin in an email message. Later when somebody wants to check
logfile integrity, a copy of this key is needed. This could also be a
security risk if that message remains on the same box.

Does anybody else have an idea?
PGP key: http://www.balabit.hu/pgpkey.txt, or finger firstname.lastname@example.org
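The 1.0.x chain described in the post, as an added example that is not syslog-ng's own code: hash #0 from a random salt and the administrator's password, every later hash from the previous hash and the current message, and a verifier that recomputes the chain from the password alone. The function names, the constructed log lines and the choice to store the salt next to the hash file are assumptions of this example.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Added example, not syslog-ng's own code: models the 1.0.x scheme the post
# describes. hash #0 = sha1(salt || password); hash_n = sha1(hash_{n-1} || msg_n).
# The salt is stored beside the chain, so verification needs only the password.

def start_chain(password: bytes, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, hash #0); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hashlib.sha1(salt + password).digest()

def next_hash(prev: bytes, message: bytes) -> bytes:
    """One chain step: hash of the previous hash and the current log line."""
    return hashlib.sha1(prev + message).digest()

def write_log(password: bytes, messages: list[bytes]) -> tuple[bytes, list[bytes]]:
    """Simulate syslog-ng writing a log file: returns the salt and the hash file."""
    salt, h = start_chain(password)
    hashes = [h]
    for msg in messages:
        h = next_hash(h, msg)
        hashes.append(h)
    return salt, hashes

def verify(password: bytes, salt: bytes, messages: list[bytes], hashes: list[bytes]) -> int:
    """Recompute the chain from the password and compare it with the hash file.

    Returns -1 if everything matches, else the index into `hashes` of the first
    mismatch: 0 means hash #0 is wrong (bad password or altered salt), k > 0
    points at message k-1. More hashes than messages means lines were removed.
    """
    _, h = start_chain(password, salt)
    if not hashes or not hmac.compare_digest(hashes[0], h):
        return 0
    for i, msg in enumerate(messages, start=1):
        h = next_hash(h, msg)
        if i >= len(hashes) or not hmac.compare_digest(hashes[i], h):
            return i
    return -1 if len(hashes) == len(messages) + 1 else len(messages) + 1

if __name__ == "__main__":
    log = [b"Jun  9 19:29:57 host sshd[1]: session opened",   # constructed lines
           b"Jun  9 19:30:01 host sudo: root : TTY=pts/0",
           b"Jun  9 19:30:05 host sshd[1]: session closed"]
    salt, chain = write_log(b"admin-password", log)
    print(verify(b"admin-password", salt, log, chain))                          # -1
    print(verify(b"admin-password", salt, [log[0], b"edited", log[2]], chain))  # 2
```

Note that removing trailing lines together with their hash entries is not detected by the chain alone, so the newest hash has to be recorded somewhere the log writer cannot alter.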