As for what I see in the thread, everybody agrees that the checksum value idea would work fine. However, there is a question I have. If you want to authenticate the logs for yourself, meaning that it is only you the person that will care for the authentication of the logs, then any checksum such as PEO (see my previous mail in the thread) will work. If somebody else is to trust in the authenticity of these logs, then the plain checksum idea won't work. You'd need to fix a protocol for authenticating logs. An easy way to do it is to have someone calculate the PEO checksum for you (a plain checksum wouldn't work here since you'd be able to alter the logs in your machine and modifications would pass unnoticed).

Ariel Waissbein

David Douthitt wrote:
>
> I've gone to using syslog-ng to keeping logs separated out, and to
> preserve logs for a long time for record purposes.
>
> Now it occurs to me that someone could say, "Gee, how do we know that
> these logs haven't been altered?"
>
> What about a digital signature for each log? How would you go about
> this? I was thinking of using gpg (GNU Privacy Guard) but haven't
> gotten far enough to know how - and my reference book is the PGP book
> from O'Reilly and Associates.
>
> -----------------------------------------------------------------
>
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see:
>
> http://aris.securityfocus.com

--
==============[ CORE Security Technologies ]=============
Ariel Waissbein
Researcher - Corelabs
email : ariel_waissbeinat_private
http://www.corest.com
=========================================================
I was scared. Petrified. Because (x) hearing voices isn't like
catching a cold, you can't get rid of it with lemon tea (y) it's
inside, it is not some naevus, an epidermal blemish you can cover
up or cauterise (z) I had no control over it. It was there of its
own volition, just stopped in and (zz) I was going bananas.
-Tibor Fischer "The Thought Gang"
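
The difference the message above draws between a plain checksum and one calculated by someone else, as an added example that is not part of the original mail. It does not implement PEO, which this page does not describe; an HMAC-SHA256 chain kept by a hypothetical third party stands in for it, and the Notary class, its key and the sample log lines are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample log lines (not taken from the thread).
LOG = [
    "Jul 23 10:01:12 host sshd[311]: Accepted password for alice",
    "Jul 23 10:04:40 host su[402]: FAILED su for root by bob",
    "Jul 23 10:05:03 host sshd[311]: session closed for alice",
]

def plain_checksum(lines):
    """Unkeyed digest: whoever holds the log can recompute it after editing."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

class Notary:
    """Hypothetical third party: the key and chain state never reach the log owner."""
    def __init__(self, key):
        self._key = key
        self._tag = b"\x00" * 32   # running chain value
        self.count = 0             # number of entries seen

    def _step(self, prev, line):
        # Each tag covers the previous tag, so entries cannot be dropped or reordered.
        return hmac.new(self._key, prev + line.encode(), hashlib.sha256).digest()

    def append(self, line):
        self._tag = self._step(self._tag, line)
        self.count += 1

    def verify(self, lines):
        tag = b"\x00" * 32
        for line in lines:
            tag = self._step(tag, line)
        return len(lines) == self.count and hmac.compare_digest(tag, self._tag)

def demo():
    notary = Notary(b"constructed-demo-key")
    for line in LOG:
        notary.append(line)                  # notary sees each entry as it is logged
    altered = [l for l in LOG if "FAILED su" not in l]
    refreshed = plain_checksum(altered)      # owner rewrites the stored checksum too
    plain_ok = plain_checksum(altered) == refreshed   # alteration passes unnoticed
    return plain_ok, notary.verify(LOG), notary.verify(altered)

if __name__ == "__main__":
    print(demo())
```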
This archive was generated by hypermail 2b30 : Mon Jul 23 2001 - 11:35:08 PDT