List Archive: gentoo-security
Headers:
To: gentoo-security@g.o
From: "Brian G. Peterson" <brian@...>
Subject: Re: Advice about security solution
Date: Wed, 9 Nov 2005 06:30:13 -0600
On Wednesday 09 November 2005 05:42 am, Darren Davison wrote:
> On Wed, 2005-11-09 at 11:35 +0100, Harald Dumdey wrote:
> > Is there a 'solution' for that? Or do i have to write a shellscript...
>
> presumably a script dropped into /etc/cron.daily would do it.  Along the
> lines of (nb: totally untested) ..?
>
> #!/bin/sh
>
> # mail address to send compressed logs to
> TO=your@...
>
> # the hex ID of your GPG key
> KEY=0xaabbcc99
>
> # which logs? *.0 will pick the most recently rotated set.  You
> # can probably do better
> LOGS="/var/log/*.0"
>
> HOST=`cat /etc/conf.d/hostname`
> TODAY=`(date +"%y%m%d")`
> # braces keep the shell from reading $HOST_ and $TODAY_logs as variable names
> OUTFILE=/tmp/${HOST}_${TODAY}_logs.tbz2
>
> # tar/compress
> tar cjf $OUTFILE $LOGS
>
> # encrypt
> gpg -r $KEY --encrypt-files $OUTFILE

You should probably ASCII Armor the file.  More mail clients will understand 
it as an OpenPGP attachment that way:

gpg -r $KEY --armor --encrypt-files $OUTFILE

> # send. Not sure how you do this without mutt..
> echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.gpg $TO

echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.asc $TO

> # clean up
> rm -f $OUTFILE $OUTFILE.gpg

rm -f $OUTFILE $OUTFILE.asc

Also, you should seriously consider making your compressed file in a RAM disk 
instead of in /tmp, to avoid any issues with disk scanning. (I know these are 
system logs that are already on the system disk in plain-text, but it never 
hurts to think about what might get left behind somewhere).

If you happen to be a PHP programmer, the GPG Plugin for Squirrelmail 
(installed with the squirrelmail ebuild) includes all the GPG functions, and 
also includes functions for securely deleting temporary files.

Make sure you store the private key for this gpg keypair off the server in 
question, so that you can decrypt the logs later.

Regards,

   - Brian
-- 
gentoo-security@g.o mailing list
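
The suggestions in the message above (armored output, no plaintext archive left in /tmp, cleanup of temporary files) combined into one script, as an added example that is not part of the original thread. The script name "logmail", the /dev/shm location and the default recipient are assumptions; KEY is the placeholder ID used in the thread.

```sh
#!/bin/sh
# Added example, not code from the thread. KEY is the thread's placeholder ID;
# TO, /dev/shm and the script name "logmail" are assumptions.
KEY="${KEY:-0xaabbcc99}"
TO="${TO:-root}"
LOGS="${LOGS:-/var/log/*.0}"

# Private scratch directory (mode 0700), on RAM-backed /dev/shm when writable.
make_workdir() {
    base=/dev/shm
    { [ -d "$base" ] && [ -w "$base" ]; } || base="${TMPDIR:-/tmp}"
    mktemp -d "$base/logmail.XXXXXX"
}

# Remove the scratch directory and everything in it.
cleanup() {
    [ -n "$1" ] && [ -d "$1" ] && rm -rf -- "$1"
    return 0
}

# Stream tar straight into gpg: the unencrypted archive never becomes a file.
# $1 = scratch dir; prints the path of the armored output on success.
encrypt_logs() {
    out="$1/$(hostname)_$(date +%y%m%d)_logs.tbz2.asc"
    # $LOGS is left unquoted on purpose so the glob expands.
    # A marker file records tar failure, which the pipeline status would hide.
    { tar cjf - $LOGS || : > "$1/tar.failed"; } |
        gpg --batch --yes --armor -r "$KEY" --output "$out" --encrypt || return 1
    [ ! -e "$1/tar.failed" ] || return 1
    printf '%s\n' "$out"
}

main() {
    dir=$(make_workdir) || exit 1
    trap 'cleanup "$dir"' EXIT      # runs on normal exit and on errors
    trap 'exit 1' HUP INT TERM      # turn signals into an exit so EXIT fires
    asc=$(encrypt_logs "$dir") || exit 1
    # Current mutt needs "--" between the attachment list and the recipient.
    echo "Logs.." | mutt -s "$(hostname) logs for $(date +%y%m%d)" -a "$asc" -- "$TO"
}

# Run only when installed under the assumed name, e.g. /etc/cron.daily/logmail.
case "${0##*/}" in logmail*) main ;; esac
```

With --batch, gpg refuses a recipient key whose validity it cannot establish, so the public key has to be imported and trusted on the server before the first cron run.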


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
