On Wednesday 09 November 2005 05:42 am, Darren Davison wrote:
> On Wed, 2005-11-09 at 11:35 +0100, Harald Dumdey wrote:
> > Is there a 'solution' for that? Or do I have to write a shellscript...
>
> presumably a script dropped into /etc/cron.daily would do it. Along the
> lines of (nb: totally untested) ..?
>
> #!/bin/sh
>
> # mail address to send compressed logs to
> TO=your@×××××××××××.address
>
> # the hex ID of your GPG key
> KEY=0xaabbcc99
>
> # which logs? *.0 will pick the most recently rotated set. You
> # can probably do better
> LOGS="/var/log/*.0"
>
> HOST=`cat /etc/conf.d/hostname`
> TODAY=`(date +"%y%m%d")`
> OUTFILE=/tmp/${HOST}_${TODAY}_logs.tbz2
>
> # tar/compress
> tar cjf $OUTFILE $LOGS
>
> # encrypt
> gpg -r $KEY --encrypt-files $OUTFILE
|
You should probably ASCII Armor the file. More mail clients will understand
it as an OpenPGP attachment that way:

gpg -r $KEY --armor --encrypt-files $OUTFILE

> # send. Not sure how you do this without mutt..
> echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.gpg $TO

echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.asc $TO

> # clean up
> rm -f $OUTFILE $OUTFILE.gpg

rm -f $OUTFILE $OUTFILE.asc
|
Also, you should seriously consider making your compressed file in a RAM disk
instead of in /tmp, to avoid any issues with disk scanning. (I know these are
system logs that are already on the system disk in plain-text, but it never
hurts to think about what might get left behind somewhere).

If you happen to be a PHP programmer, the GPG Plugin for Squirrelmail
(installed with the squirrelmail ebuild) includes all the GPG functions, and
also includes functions for securely deleting temporary files.

Make sure you store the private key for this gpg keypair off the server in
question, so that you can decrypt the logs later.
|
Regards,

- Brian
--
gentoo-security@g.o mailing list
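
As an added example (not code from the thread), the script below applies the RAM-disk advice: it works in a private directory on a RAM-backed filesystem and pipes tar straight into gpg, so no plaintext archive is ever written. The /dev/shm mount, the `--send` switch, the use of `hostname`, the function names and the placeholder address are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes tar, bzip2, gpg and mutt.
TO=${TO:-logs@example.invalid}   # constructed placeholder address
KEY=${KEY:-0xaabbcc99}           # key ID as written in the thread
LOGS=${LOGS:-/var/log/*.0}       # most recently rotated set
RAMDIR=${RAMDIR:-/dev/shm}       # assumption: a tmpfs mount (Linux)

# Create a private (0700) working directory, on tmpfs when it is writable,
# otherwise under $TMPDIR or /tmp.
make_workdir() {
    base=$RAMDIR
    [ -d "$base" ] && [ -w "$base" ] || base=${TMPDIR:-/tmp}
    ( umask 077 && mktemp -d "$base/logmail.XXXXXX" )
}

# Build the attachment name. printf sidesteps the "$HOST_" trap, where the
# shell would take HOST_ as the variable name.
archive_name() {   # $1 = host, $2 = date stamp
    printf '%s_%s_logs.tbz2.asc\n' "$1" "$2"
}

# Stream the archive into gpg; only the armored ciphertext reaches $1.
# Plain sh has no pipefail, so the status checked here is gpg's, not tar's.
encrypt_logs() {   # $1 = output file, remaining args = files to archive
    out=$1; shift
    tar cjf - "$@" | gpg --batch --yes --armor -r "$KEY" -o "$out" --encrypt
}

ship_logs() {
    host=$(hostname)
    today=$(date +%y%m%d)
    work=$(make_workdir) || return 1
    # Remove the working directory however the script ends.
    trap 'rm -rf "$work"' EXIT INT TERM
    out="$work/$(archive_name "$host" "$today")"
    # $LOGS is deliberately unquoted so that the glob expands.
    encrypt_logs "$out" $LOGS &&
        echo "Logs.." | mutt -s "$host logs for $today" -a "$out" -- "$TO"
}

# Run only on request, so the functions can be sourced and checked first.
if [ "${1:-}" = "--send" ]; then ship_logs; fi
```

Under /etc/cron.daily, call it from a one-line wrapper that passes `--send`. The recipient's public key has to be present and trusted in the keyring of the user cron runs as, because gpg cannot prompt there.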