From: Lowell Gilbert
To: mexas@bris.ac.uk
Cc: freebsd-questions@freebsd.org
Subject: Re: system identification in utx database?
Date: Wed, 22 Oct 2014 15:10:56 -0400

Anton Shterenlikht writes:

> Is there any information in a utx(8) database (log)
> that allows one to identify the system where
> that database was recorded? I cannot find any.

You're right; there isn't any.

> I need to preserve the utx access logs from several
> FreeBSD boxes. If I copy the logs to another box,
> or just print, I lose the information about the
> system where these logs came from.
> This is because this information does not
> seem to be present in the logs themselves.
> So I have to add some manual database identification,
> which might cast doubt on the database authenticity
> or integrity, if I even need to rely on such databases,
> e.g. in court.

That doesn't make sense. The file contents aren't any more secure
from modification than is the file metadata.

I'd recommend determining standard practice for your type of business,
and following that. It may be a good idea to obtain professional legal
advice if legal weight is a real concern.

> So, I wonder if there is some system identification
> information written to utx database that I'm not
> familiar with.
>
> I also have auditing enabled, but I'm still
> learning it, and don't want to lose the
> simplicity of utx.

Again, you don't have any guarantees of integrity. You might be able to
put a technical solution together with cryptographic signatures, but you
need to figure out what your real requirements are first.
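
One shape the "cryptographic signatures" idea could take, as an added example that is not part of the original message: a manifest that records the source host alongside a hash of the copied log and is then authenticated with a key. It uses HMAC-SHA256 from the Python standard library as a stand-in for a real digital signature; the function names, manifest fields, host names, key and log bytes are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

def _canonical(fields):
    # Stable byte encoding so sealer and verifier authenticate the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def seal_log(log_bytes, hostname, collected_at, key):
    """Bind a copied log to the host it was taken from (hypothetical helper)."""
    manifest = {
        "host": hostname,
        "collected_at": collected_at,
        "size": len(log_bytes),
        "sha256": hashlib.sha256(log_bytes).hexdigest(),
    }
    # The tag covers the host name and the content hash together, so neither
    # can be changed afterwards without knowing the key.
    manifest["tag"] = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest

def verify_log(log_bytes, manifest, key):
    """Return (ok, reason) for a log copy and its manifest (hypothetical helper)."""
    claimed = dict(manifest)
    tag = str(claimed.pop("tag", ""))
    expected = hmac.new(key, _canonical(claimed), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False, "manifest altered or wrong key"
    if hashlib.sha256(log_bytes).hexdigest() != claimed.get("sha256"):
        return False, "log contents differ from sealed copy"
    return True, "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
    log = b"constructed stand-in for /var/log/utx.log contents"  # not real utx data
    m = seal_log(log, "hostA.example.org", "2014-10-22T19:10:57Z", key)
    print(verify_log(log, m, key))
    # Relabelling the copy as coming from another box is detected.
    print(verify_log(log, dict(m, host="hostB.example.org"), key))
    # So is editing the log after it was sealed.
    print(verify_log(log + b"extra record", m, key))
```

The tag only shows that the copy and its host label have not changed since sealing. Anyone who holds the key, or who controlled the log before it was sealed, can still produce a valid manifest, which is why the requirements need settling first.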