srlog2 Secure Remote Log Transmission System Bruce Guenter <bruce@untroubled.org> Version 0.85 2008-10-27 This is srlog2, a secure remote log transmission system. A mailing list has been set up to discuss this and other packages. To subscribe, send an email to: bgware-subscribe@lists.untroubled.org A mailing list archive is available at: http://lists.untroubled.org/?list=bgware Development versions of srlog2 are available via Subversion at: svn://bruce-guenter.dyndns.org/srlog2/trunk Requirements: - bglibs version 1.104 or later - libtomcrypt version 1.03 or later - nistp224 library version 0.75 or later Installation: - Make sure the latest version of bglibs from http://untroubled.org/bglibs/ is compiled and installed. - Build the sources by running "make" - After the package has been compiled, run "make install" as root. Configuration: On the senders: - Create host keys in /etc/srlog2: srlog2-keygen -t nistp224 /etc/srlog2 srlog2-keygen -t curve25519 /etc/srlog2 - Copy all the public keys generated for the receiver (below) onto the sender system with the following file names: /etc/srlog2/servers/host.name.of.receiver.net.nistp224 /etc/srlog2/servers/host.name.of.receiver.net.curve25519 On the receiver: - Generate local host keys: srlog2-keygen -t nistp224 . srlog2-keygen -t curve25519 . cat nistp224 curve25519 >secrets - Copy one or both of the public keys generated on the sender(s) into a file called "senders" with the following format: host.name.of.sender:copy-of-sender's-/etc/srlog2/nistp224.pub host.name.of.sender:copy-of-sender's-/etc/srlog2/curve25519.pub - OR copy one or both of the public keys generated above into a file called "services" with the following format: host.name.of.sender:service:copy-of-sender's-/etc/srlog2/nistp224.pub host.name.of.sender:service:copy-of-sender's-/etc/srlog2/curve25519.pub (Note: curve25519 only works on 32-bit x86 systems at the moment) Operation: - For each service, instead of running "multilog t" as the log manager, run something like "srlog2 service host.name.of.receiver.net" - srlog2 understands multilog's filter syntax (+pattern -pattern etc). - On the receiver, add a srlog2d service as follows: #!/bin/bash cd /where/you/put/the/config/files exec srlog2d srlog2-logger Make sure you either use the --mkdirs option to srlog2-logger or create all the directories you want to write logs into in advance. Security Notes: - The srlog2 program creates two files in the current directory, "buffer" and "sequence". If you wish to run srlog2 as non-root, you will need to precreate those files and make sure srlog2 has permission to write to them. - The srlog2 program needs read access to the secret keys in /etc/srlog2, but nothing else should be allowed to read them. - Similarly, the srlog2d program needs read access to the secret keys in its "secrets" file, but nothing else should be allowed to read them. - None of the srlog2 receiver components (srlog2d or srlog2-logger) need to run as root. - srlog2d neither creates nor writes any files. This project was initiated at FutureQuest, Inc. We are releasing it as an open-source project because we felt it would be useful to others, as well as to repay our debt of gratitude to the larger open-source community for the excellent packages we have enjoyed. For more details, you may contact FutureQuest, Inc. at: FutureQuest, Inc. PO BOX 623127 Oviedo FL 32762-3127 USA http://www.FutureQuest.net/ ossi@FutureQuest.net This package is Copyright(C) 2008 Bruce Guenter or FutureQuest, Inc., and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL) Version 2 or a later version. A copy of this license is included with this package. This package comes with no warranty of any kind.
Name Modification Time Size
Parent Directory 2008-10-15 17:44 - ANNOUNCEMENT 2008-10-27 23:00 4k NEWS 2008-10-27 23:00 2k TODO 2008-10-27 23:00 610 archive 2008-10-27 23:00 - design.html 2008-10-27 23:00 28k fc1 2008-03-11 10:56 - fc2 2008-10-27 23:00 - rh6 2008-10-27 23:00 - rh7 2008-10-27 23:00 - srlog2-0.85-2.src.rpm 2008-10-27 23:00 89k srlog2-0.85.tar.gz 2008-10-27 22:59 87k srlog2-0.85.tar.gz.sig 2008-10-27 22:59 189 srlog2-keygen.1.html 2008-10-27 23:00 942 srlog2-logger.1.html 2008-10-27 23:00 1k srlog2.1.html 2008-10-27 23:00 2k srlog2.html 2008-10-27 23:00 2k srlog2d.1.html 2008-10-27 23:00 2k srlog2q.1.html 2008-10-27 23:00 789
RPM File: srlog2-0.85-2.src.rpm
Name : srlog2 Relocations: (not relocateable) Version : 0.85 Vendor: (none) Release : 2 Build Date: Mon 27 Oct 2008 11:00:17 PM CST Group : Utilities/System Source RPM: (none) Size : 90030 License: GPL Packager : Bruce Guenter <bruce@untroubled.org> URL : http://untroubled.org/srlog2/ Summary : Secure Remote Log transmission system Description : Secure Remote Log transmission system Requires : bglibs >= 1.104 libtomcrypt-devel nistp224 rpmlib(CompressedFileNames) <= 3.0.4-1