Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Oct 2014 15:10:56 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        mexas@bris.ac.uk
Cc:        freebsd-questions@freebsd.org
Subject:   Re: system identification in utx database?
Message-ID:  <44oat3c43j.fsf@be-well.ilk.org>
In-Reply-To: <201410200937.s9K9bqk3019398@mech-as221.men.bris.ac.uk> (Anton Shterenlikht's message of "Mon, 20 Oct 2014 10:37:52 %2B0100 (BST)")
References:  <201410200937.s9K9bqk3019398@mech-as221.men.bris.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
Anton Shterenlikht <mexas@bris.ac.uk> writes:

> Is there any information in a utx(8) database (log)
> that allows one to identify the system where
> that database was recorded? I cannot find any.

You're right; there isn't any.

> I need to preserve the utx access logs from several
> FreeBSD boxes. If I copy the logs to another box,
> or just print, I lose the information about the
> system where these logs came from.
> This is because this information does not
> seem to be present in the logs themselves.
> So I have to add some manual database identification,
> which might cast doubt on the database authenticity
> or integrity, if I even need to rely such databases,
> e.g. in court.

That doesn't make sense.  The file contents aren't any more secure from
modification than is the file metadata. I'd recommend determining
standard practice for your type of business, and following that. It may
be a good idea to obtain professional legal advice if legal weight is a
real concern.

> So, I wonder if there is some system identification
> information written to utx database that I'm not
> familiar with.
>
> I also have auditing enabled, but I'm still
> learning it, and don't want to loose the
> simplicity of utx.

Again, you don't have any guarantees of integrity. You might be able to
put a technical solution together with cryptographic signatures, but you
need to figure out what your real requirements are first.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44oat3c43j.fsf>