From: Eric Crist
Date: Tue, 28 Sep 2004 18:18:04 -0500
To: Garance A Drosehn
cc: Ronj_clark@yahoo.com
cc: FreeBSD Questions
Subject: Re: newsyslog.conf question

On Sep 28, 2004, at 6:04 PM, Garance A Drosehn wrote:

> At 7:38 AM -0700 9/28/04, Ronnie Clark wrote:
>> Hello all,
>>
>> Having read the man page for this file's
>> configuration, I notice there is not an option to
>> digitally sign the logs on rotation using PGP/GPG. Is
>> there a workaround? or are there plans to add this
>> functionality to future versions, like 5.3 -STABLE?
>
> That is not on my list of things to add to newsyslog, but
> I could certainly put something for this on the list...
> If I do it, it will show up in 5.3-stable, and possibly
> even in 4.x-stable (although that is less likely once we
> have 5.3-stable). What I might add is some generic way
> to specify a program to run after a log file has been
> rotated, where newsyslog will specify the name of the
> (already rotated) log file when it runs the program.

This is not something I had really thought of before today, but it
would be a very handy feature to have. The PGP/GPG signature or an MD5
hash, something that could be used to verify the integrity of the log
file once it's been rotated.

Just my $.02.

-----
Eric F Crist
Secure Computing Networks
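
The post-rotation hook discussed in this thread, as an added example that is not part of the original messages or of newsyslog: a script that a rotation tool could run with the already-rotated log file as its first argument, recording a SHA-256 digest (used here in place of the MD5 mentioned above) and, optionally, a detached GPG signature. The invocation convention, `SEAL_DIR` and `SIGN_KEY` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of newsyslog. Assumption: the rotation tool runs
# this script with the already-rotated log file as $1.
# SEAL_DIR and SIGN_KEY are hypothetical settings introduced for this example.
SEAL_DIR=${SEAL_DIR:-/var/db/logseal}  # best kept where log writers cannot write
SIGN_KEY=${SIGN_KEY:-}                 # GPG key id; empty means digest only

# Print the SHA-256 hex digest of file $1 with whichever tool is installed.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Records are keyed by content digest, not file name, so they stay valid
# when later rotations rename logfile.0 to logfile.1 and so on.
seal_log() {
    [ -f "$1" ] || { echo "seal_log: not a file: $1" >&2; return 2; }
    mkdir -p "$SEAL_DIR" || return 1
    d=$(digest_of "$1"); [ -n "$d" ] || return 1
    printf '%s  %s\n' "$d" "$(basename "$1")" >> "$SEAL_DIR/manifest"
    if [ -n "$SIGN_KEY" ]; then
        gpg --batch --yes --local-user "$SIGN_KEY" \
            --output "$SEAL_DIR/$d.sig" --detach-sign "$1" || return 1
    fi
}

# Exit status: 0 intact, 1 altered or never sealed, 2 not a file.
verify_log() {
    [ -f "$1" ] || return 2
    d=$(digest_of "$1"); [ -n "$d" ] || return 1
    grep -q "^$d  " "$SEAL_DIR/manifest" 2>/dev/null || return 1
    # A signature is required whenever a signing key is configured.
    if [ -n "$SIGN_KEY" ] || [ -f "$SEAL_DIR/$d.sig" ]; then
        gpg --batch --verify "$SEAL_DIR/$d.sig" "$1" >/dev/null 2>&1 || return 1
    fi
}

# Hook entry point: seal the file named on the command line, if any.
if [ "$#" -ge 1 ]; then seal_log "$1"; fi
```

The manifest alone only helps if `SEAL_DIR` is out of reach of whoever can alter the logs; the signature adds assurance only as far as the signing key is protected.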