Date: Sun, 19 Jul 1998 14:15:29 +0200
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-security@FreeBSD.ORG
Subject: Re: cryptographically secure logging
Message-ID: <19980719141529.A5494@keltia.freenix.fr>
In-Reply-To: <wxlnpqfgcq.fsf@polysynaptic.iq.org>; from Julian Assange on Sun, Jul 19, 1998 at 05:29:57PM +1000
References: <wxlnpqfgcq.fsf@polysynaptic.iq.org>
According to Julian Assange:
> interested to know that Darren Reed and I have actually implemented
> one of these for unix. It's also a very flexible syslogd replacement in
> its own right (thanks to Darren). It's called nsyslog and is
> available from http://cheops.anu.edu.au/~avalon/nsyslog.html. It will
> be included in the default NetBSD distribution (although it should run
> on most unix platforms).

There is also ssyslog, made by Core SDI in Brazil. It uses encryption and authentication.

-=-=-=-
1.a. Getting the last version

The last version of the secure syslog package will always be available at
http://www.core-sdi.com/ssyslog. You may want to check for a new release
before installing.

The distribution file should look like 'ssyslog-X.XX.tar.gz', where X.XX
stands for the version number (i.e. 'ssyslog-0.99.tar.gz'). You will also
need the GNU gunzip command in order to decompress it.
-=-=-=-

-=-=-=-
1. What is Secure Syslog?

Secure Syslog (ssyslog) is a daemon intended to replace the traditional
syslog daemon present on most UNIX-like operating systems. It takes
advantage of advanced cryptographic protocols to make system logs auditable
in a secure way. It also implements a network protocol that allows
centralized auditing of system logs.

For the scheme behind ssyslog to be complete, a trusted remote machine is
needed; this machine will be called the auditing machine.

2. What is wrong with old syslog?

Old syslog stores system logs in local files. If an intruder gains root
privileges on a given machine, she can modify or erase any of the logs...
and if she is careful enough she can do this so nobody will ever notice the
logs were modified. From the perspective of security this is wrong. The
auditing of system logs is not possible under these circumstances.

Most versions of syslog can be configured so that system logs are
transmitted and logged on a loghost... but this generates a lot of traffic
on the network.

Secure Syslog avoids these problems by implementing a protocol that allows
the future authentication of system logs and permits the log transfer to be
done as requested by the auditor (on the loghost) and in hours of low
network traffic.

3. What makes the SECURE part of Secure Syslog secure?

The cryptographic protocol used for log authentication, called PEO-1, is
designed so that a trusted auditor can check if any of the logs were
adulterated. Using this protocol the append-only property of system logs is
assured.

The communications with the auditor are encrypted using Blowfish (a
symmetric cryptography block algorithm), and the auditor is authenticated
using a challenge-response protocol. Ssyslog uses sha-1 as the one-way hash
function needed for PEO-1.

4. Where can I find more about PEO-1?

At http://www.core-sdi.com/ssyslog there are links to the original papers
describing PEO-1, and other related documents.
-=-=-=-

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #61: Sun Jul 12 14:38:23 CEST 1998

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
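As an added illustration, not code from ssyslog and not PEO-1 itself (whose construction the message does not describe), here is a simplified forward-secure hash chain that has the properties the FAQ attributes to the scheme: the auditor keeps the initial key, the host evolves its key through SHA-1 after every entry and discards the old one, so an intruder who gains root later cannot rewrite or remove earlier entries without the auditor's check failing. The initial key and the log lines are constructed sample values.

```python
import hashlib
import hmac

HASH = hashlib.sha1          # the FAQ names SHA-1 as the one-way function; its exact use here is an assumption
ZERO = b"\x00" * 20          # chain start value, agreed with the auditor in advance


def evolve(key: bytes) -> bytes:
    """One-way key update: after each entry the host keeps only H(key), so the
    key that tagged earlier entries cannot be recovered from the current one."""
    return HASH(key).digest()


def entry_tag(key: bytes, prev_tag: bytes, message: bytes) -> bytes:
    """Tag for one entry; binds it to the key of its position and to the previous tag."""
    return hmac.new(key, prev_tag + message, HASH).digest()


class HostLog:
    """The logging host: appends entries and advances the key after each one."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key
        self.prev_tag = ZERO
        self.entries = []            # list of (message, tag)

    def append(self, message: bytes) -> bytes:
        tag = entry_tag(self.key, self.prev_tag, message)
        self.entries.append((message, tag))
        self.prev_tag = tag
        self.key = evolve(self.key)  # discard the key that tagged this entry
        return tag


def audit(initial_key: bytes, entries):
    """Auditor's check, started from the initial key only the auditor retains.
    Returns the index of the first entry whose tag does not verify (modified,
    inserted, reordered or with an earlier entry removed), or None if the chain
    is intact. Truncation of the tail is not caught by the chain alone; the
    auditor also has to compare the entry count it expects."""
    key, prev_tag = initial_key, ZERO
    for index, (message, tag) in enumerate(entries):
        if not hmac.compare_digest(entry_tag(key, prev_tag, message), tag):
            return index
        prev_tag, key = tag, evolve(key)
    return None


if __name__ == "__main__":
    host = HostLog(b"constructed-initial-key")
    for line in (b"Jul 19 14:15:29 sshd: accepted root", b"Jul 19 14:16:02 su: failed"):
        host.append(line)
    print(audit(b"constructed-initial-key", host.entries))   # None: chain intact
```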