Gentoo Archives: gentoo-security

From: "Brian G. Peterson" <brian@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Advice about security solution
Date: Wed, 09 Nov 2005 12:35:56
Message-Id: 200511090630.13448.brian@braverock.com
In Reply to: Re: [gentoo-security] Advice about security solution by Darren Davison
On Wednesday 09 November 2005 05:42 am, Darren Davison wrote:
> On Wed, 2005-11-09 at 11:35 +0100, Harald Dumdey wrote:
> > Is there a 'solution' for that? Or do i have to write a shellscript...
>
> presumably a script dropped into /etc/cron.daily would do it. Along the
> lines of (nb: totally untested) ..?
>
> #!/bin/sh
>
> # mail address to send compressed logs to
> TO=your@×××××××××××.address
>
> # the hex ID of your GPG key
> KEY=0xaabbcc99
>
> # which logs? *.0 will pick the most recently rotated set. You
> # can probably do better
> LOGS="/var/log/*.0"
>
> HOST=`cat /etc/conf.d/hostname`
> TODAY=`(date +"%y%m%d")`
> OUTFILE=/tmp/${HOST}_${TODAY}_logs.tbz2
>
> # tar/compress
> tar cjf $OUTFILE $LOGS
>
> # encrypt
> gpg -r $KEY --encrypt-files $OUTFILE

You should probably ASCII Armor the file. More mail clients will understand
it as an OpenPGP attachment that way:

gpg -r $KEY --armor --encrypt-files $OUTFILE

> # send. Not sure how you do this without mutt..
> echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.gpg $TO

echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.asc $TO

> # clean up
> rm -f $OUTFILE $OUTFILE.gpg

rm -f $OUTFILE $OUTFILE.asc

Also, you should seriously consider making your compressed file in a RAM disk
instead of in /tmp, to avoid any issues with disk scanning. (I know these are
system logs that are already on the system disk in plain-text, but it never
hurts to think about what might get left behind somewhere).

If you happen to be a PHP programmer, the GPG Plugin for Squirrelmail
(installed with the squirrelmail ebuild) includes all the GPG functions, and
also includes functions for securely deleting temporary files.

Make sure you store the private key for this gpg keypair off the server in
question, so that you can decrypt the logs later.

Regards,

- Brian
--
gentoo-security@g.o mailing list
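
The points raised in this message (armored output, a RAM-backed scratch area, nothing left behind) combined into one script, as an added example that is not code from either poster. It assumes /dev/shm is a tmpfs, a mutt version that accepts `--` after the `-a` file list, and uses `hostname` instead of /etc/conf.d/hostname; the function names and the `--run` switch are made up for illustration.

```shell
#!/bin/sh
# Added example (constructed): TO, KEY and LOGS are placeholders as in the thread.
umask 077                       # anything we create is owner-only
TO=${TO:-root@localhost}        # placeholder recipient
KEY=${KEY:-0xaabbcc99}          # placeholder key id quoted in the thread
LOGS=${LOGS:-/var/log/*.0}      # most recently rotated set

# Name of the armored attachment; printf sidesteps $HOST_ being read
# as a variable called HOST_.
archive_name() {                # $1 = host, $2 = yymmdd
    printf '%s_%s_logs.tbz2.asc' "$1" "$2"
}

# Private (mode 0700) scratch directory, RAM-backed when /dev/shm is
# usable (assumed tmpfs), otherwise under TMPDIR or /tmp.
make_workdir() {
    mktemp -d /dev/shm/logmail.XXXXXX 2>/dev/null ||
        mktemp -d "${TMPDIR:-/tmp}/logmail.XXXXXX"
}

# tar streams into gpg, so no unencrypted archive is ever written to a file.
# The recipient key must already be trusted in this user's keyring.
encrypt_logs() {                # $1 = key, $2 = output file, rest = logs
    key=$1; out=$2; shift 2
    tar cjf - "$@" |
        gpg --batch --yes --armor -r "$key" --encrypt --output "$out"
}

mail_logs() {
    host=$(hostname); today=$(date +%y%m%d)
    work=$(make_workdir) || return 1
    trap 'rm -rf "$work"' EXIT  # only ciphertext ever lives in $work
    out=$work/$(archive_name "$host" "$today")
    # $LOGS is left unquoted on purpose so the glob expands.
    encrypt_logs "$KEY" "$out" $LOGS || return 1
    echo "Logs.." | mutt -s "$host logs for $today" -a "$out" -- "$TO"
}

# Defines functions only, unless invoked as: script --run
case "${1:-}" in --run) mail_logs ;; esac
```

A one-line wrapper in /etc/cron.daily that calls this script with `--run` is enough to schedule it. The pipeline's exit status is gpg's, so a tar failure on a missing log file is not detected here.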

Replies

Subject Author
Re: [gentoo-security] Advice about security solution unaos <uranaos@×××××.com>