srlog2
Secure Remote Log Transmission System
Bruce Guenter <bruce@untroubled.org>
Version 0.80
2007-08-07

This is srlog2, a secure remote log transmission system.

A mailing list has been set up to discuss this and other packages.
To subscribe, send an email to:
	bgware-subscribe@lists.untroubled.org
A mailing list archive is available at:
	http://lists.untroubled.org/?list=bgware

Development versions of srlog2 are available via Subversion at:
	svn://bruce-guenter.dyndns.org/srlog2/trunk

Requirements:

- bglibs version 1.041 or later
- libtomcrypt version 1.03 or later
- nistp224 library version 0.75 or later

Installation:

- Make sure the latest version of bglibs from
  http://untroubled.org/bglibs/ is compiled and installed.
- Build the sources by running "make"
- After the package has been compiled, run "make install" as root.

Configuration:

On the senders:
- Create host keys in /etc/srlog2:
	srlog2-keygen -t nistp224 /etc/srlog2
	srlog2-keygen -t curve25519 /etc/srlog2
- Copy all the public keys generated for the receiver into
  /etc/srlog2/servers/host.name.of.receiver.net

On the receiver:
- Generate local host keys:
	srlog2-keygen -t nistp224 .
	srlog2-keygen -t curve25519 .
	cat nistp224 curve25519 >secrets
- Copy one or both of the public keys generated above into "senders" as:
	short-name:copy-of-/etc/srlog2/nistp224.pub
	short-name:copy-of-/etc/srlog2/curve25519.pub
- OR copy one or both of the public keys generated above into
  "services" as:
  	short-name:service:copy-of-/etc/srlog2/nistp224.pub
  	short-name:service:copy-of-/etc/srlog2/curve25519.pub

(Note: curve25519 only works on 32-bit x86 systems at the moment)

Operation:

- For each service, instead of running "multilog t" as the log manager,
  run something like "srlog2 service host.name.of.receiver.net"
- srlog2 understands multilog's filter syntax (+pattern -pattern etc).
- On the receiver, add a srlog2d service as follows:
	#!/bin/bash
	cd /where/you/put/the/config/files
	exec srlog2d srlog2-logger
  Make sure you either use the --mkdirs option to srlog2-logger or
  create all the directories you want to write logs into in advance.

Security Notes:

- The srlog2 program creates two files in the current directory,
  "buffer" and "sequence".  If you wish to run srlog2 as non-root, you
  will need to precreate those files and make sure srlog2 has permission
  to write to them.
- The srlog2 program needs read access to the secret keys in
  /etc/srlog2, but nothing else should be allowed to read them.
- Similarly, the srlog2d program needs read access to the secret keys in
  its "secrets" file, but nothing else should be allowed to read them.
- None of the srlog2 receiver components (srlog2d or srlog2-logger) need
  to run as root.
- srlog2d neither creates nor writes any files.

This project was initiated at FutureQuest, Inc.  We are releasing it
as an open-source project because we felt it would be useful to others,
as well as to repay our debt of gratitude to the larger open-source
community for the excellent packages we have enjoyed.

For more details, you may contact FutureQuest, Inc. at:
FutureQuest, Inc.
PO BOX 623127
Oviedo FL 32762-3127 USA
http://www.FutureQuest.net/
ossi@FutureQuest.net

This package is Copyright(C) 2007 Bruce Guenter or FutureQuest, Inc.,
and may be copied according to the GNU GENERAL PUBLIC LICENSE (GPL)
Version 2 or a later version.  A copy of this license is included with
this package.  This package comes with no warranty of any kind.

Index of srlog2

Name                                           Modification Time  Size
Parent Directory                               2008-02-23 23:36      -
ANNOUNCEMENT                                   2007-08-07 08:53     4k
NEWS                                           2007-08-07 08:53     2k
TODO                                           2007-08-07 08:53    610
archive                                        2007-08-07 08:55      -
design.html                                    2007-08-07 08:53    32k
fc1                                            2007-08-07 08:55      -
fc2                                            2007-08-07 08:55      -
rh6                                            2007-08-07 08:55      -
rh7                                            2007-08-07 08:55      -
srlog2-0.80-2.src.rpm                          2007-08-07 08:53    94k
srlog2-0.80.tar.gz                             2007-08-07 08:50    91k
srlog2-0.80.tar.gz.sig                         2007-08-07 08:50    189
srlog2-keygen.1.html                           2007-08-07 08:53    942
srlog2-logger.1.html                           2007-08-07 08:53     1k
srlog2.1.html                                  2007-08-07 08:53     2k
srlog2.html                                    2007-08-07 08:53     2k
srlog2d.1.html                                 2007-08-07 08:53     2k
srlog2q.1.html                                 2007-08-07 08:53    789

RPM File: srlog2-0.80-2.src.rpm

Name        : srlog2                       Relocations: (not relocateable)
Version     : 0.80                              Vendor: (none)
Release     : 2                             Build Date: Tue Aug  7 08:51:42 2007
Group       : Utilities/System              Source RPM: (none)
Size        : 94436                            License: GPL
Packager    : Bruce Guenter <bruce@untroubled.org>
URL         : http://untroubled.org/srlog2/
Summary     : Secure Remote Log transmission system
Description :
Secure Remote Log transmission system

Requires    :
bglibs >= 1.041
libtomcrypt-devel  
nistp224  
rpmlib(CompressedFileNames) <= 3.0.4-1

Valid XHTML 1.0!