From: "Brian G. Peterson" <brian@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Advice about security solution
Date: Wed, 09 Nov 2005 12:35:56
In Reply to: Re: [gentoo-security] Advice about security solution by Darren Davison
On Wednesday 09 November 2005 05:42 am, Darren Davison wrote:
> On Wed, 2005-11-09 at 11:35 +0100, Harald Dumdey wrote:
> > Is there a 'solution' for that? Or do i have to write a shellscript...
>
> presumably a script dropped into /etc/cron.daily would do it. Along the
> lines of (nb: totally untested) ..?
>
> #!/bin/sh
>
> # mail address to send compressed logs to
> TO=your@×××××××××××.address
>
> # the hex ID of your GPG key
> KEY=0xaabbcc99
>
> # which logs? *.0 will pick the most recently rotated set. You
> # can probably do better
> LOGS="/var/log/*.0"
>
> HOST=`cat /etc/conf.d/hostname`
> TODAY=`(date +"%y%m%d")`
> # braces are needed: $HOST_ and $TODAY_logs would be read as (empty) variable names
> OUTFILE=/tmp/${HOST}_${TODAY}_logs.tbz2
>
> # tar/compress (tar must be told which files to archive)
> tar cjf $OUTFILE $LOGS
>
> # encrypt
> gpg -r $KEY --encrypt-files $OUTFILE
You should probably ASCII-armor the file. More mail clients will understand it as an OpenPGP attachment that way:

gpg -r $KEY --armor --encrypt-files $OUTFILE
> # send. Not sure how you do this without mutt..
> echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.gpg $TO
echo "Logs.." | mutt -s "$HOST logs for $TODAY" -a $OUTFILE.asc $TO
> # clean up
> rm -f $OUTFILE $OUTFILE.gpg
rm -f $OUTFILE $OUTFILE.asc

Also, you should seriously consider making your compressed file in a RAM disk instead of in /tmp, to avoid any issues with disk scanning. (I know these are system logs that are already on the system disk in plain-text, but it never hurts to think about what might get left behind somewhere.)

If you happen to be a PHP programmer, the GPG Plugin for Squirrelmail (installed with the squirrelmail ebuild) includes all the GPG functions, and also includes functions for securely deleting temporary files.

Make sure you store the private key for this gpg keypair off the server in question, so that you can decrypt the logs later.

Regards,

- Brian
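The following script is an added example, not Darren's draft or anything Brian posted. It folds the points raised in this thread into one cron-style script: brace-delimited variable expansion in the bundle name, tar actually given its inputs, ASCII-armored GPG output (.asc) attached with mutt, a RAM-backed scratch directory instead of /tmp, and cleanup on every exit path. The recipient address, key ID, log glob, the use of /dev/shm as the tmpfs mount, the `--` separator for newer mutt versions, and the script name logmail.sh are all assumptions; substitute your own values.

```shell
#!/bin/sh
# Added example (not the thread's own script): encrypt rotated logs and
# mail them, applying the fixes discussed in this thread.
# Assumptions: recipient address, key ID, log glob, /dev/shm as tmpfs,
# mutt accepting "--", and the hypothetical name logmail.sh.
set -eu

TO="${TO:-logs@example.invalid}"   # assumption: where to mail the logs
KEY="${KEY:-0xAABBCC99}"           # assumption: recipient's GPG key ID
LOGS="${LOGS:-/var/log/*.0}"       # most recently rotated set

# Build the bundle name. Braces are required: "$HOST_$TODAY_logs" would
# be parsed as the (empty) variables HOST_ and TODAY_logs.
outfile_name() {
    printf '%s_%s_logs.tbz2\n' "$1" "$2"
}

# Prefer a RAM-backed directory so the plaintext bundle never touches
# the disk; fall back to $TMPDIR or /tmp when /dev/shm is not usable.
scratch_dir() {
    base=/dev/shm
    if [ ! -d "$base" ] || [ ! -w "$base" ]; then
        base="${TMPDIR:-/tmp}"
    fi
    mktemp -d "$base/logmail.XXXXXX"
}

# tar must be given its inputs: a bare "tar cjf $OUTFILE" archives nothing.
bundle_logs() {
    archive=$1
    shift
    tar cjf "$archive" "$@"
}

# Armored output (.asc) is recognised as an OpenPGP attachment by more
# mail clients than the binary .gpg form. Prints the armored file name.
encrypt_armored() {
    gpg --batch --yes -r "$KEY" --armor --encrypt-files "$1"
    printf '%s.asc\n' "$1"
}

# Newer mutt versions need "--" between attachments and recipients.
send_mail() {
    echo "Logs.." | mutt -s "$2" -a "$1" -- "$TO"
}

# Remove the scratch directory on any exit. shred is a no-op in
# practice on tmpfs but matters if the /tmp fallback was taken.
cleanup() {
    if [ -n "${WORK:-}" ] && [ -d "$WORK" ]; then
        if command -v shred >/dev/null 2>&1; then
            find "$WORK" -type f -exec shred -u {} +
        fi
        rm -rf "$WORK"
    fi
}

main() {
    HOST=$(hostname)
    TODAY=$(date +%y%m%d)
    WORK=$(scratch_dir)
    trap cleanup EXIT
    OUTFILE="$WORK/$(outfile_name "$HOST" "$TODAY")"
    # $LOGS is deliberately unquoted so the glob expands to file names
    bundle_logs "$OUTFILE" $LOGS
    ASC=$(encrypt_armored "$OUTFILE")
    send_mail "$ASC" "$HOST logs for $TODAY"
}

# The pipeline only runs when invoked as "logmail.sh run", so the
# functions can be sourced and exercised without a key or mutt present.
if [ "${1:-}" = run ]; then
    main
fi
```

Drop it into /etc/cron.daily with the `run` argument in a small wrapper, and keep the private half of the key off the box, as Brian says, or the archive is only useful to whoever already has the machine.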


