Secure Syslog Replacement Proposed
LinuxScribe writes with this bit from IT World: "In an effort to foil crackers' attempts to cover their tracks by altering text-based syslogs, and improve the syslog process as a whole, developers Lennart Poettering and Kay Sievers are proposing a new tool called The Journal. Using key/value pairs in a binary format, The Journal is already stirring up a lot of objections."
Log entries are "cryptographically hashed along with the hash of the previous entry in the file" resulting in a verifiable chain of entries. This is being done as an extension to systemd (git branch). The design doesn't just make logging more secure, but introduces a number of overdue improvements to the logging process. It's even compatible with the standard syslog interface allowing it to either coexist with or replace the usual syslog daemon with minimal disruption.
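The chaining described in the summary, as an added example that is not code from the article or from systemd: each entry's hash covers the previous entry's hash, so editing one entry breaks the link at that entry. SHA-256, the JSON serialization, all function names and the sample messages are assumptions made here; the `trusted_head` check goes beyond what the summary states and shows why the newest hash has to be kept somewhere the log writer cannot reach.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed "previous hash" for the very first entry


def entry_hash(prev_hash, fields):
    # Canonical serialization so the same key/value pairs always hash the same.
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, fields):
    """Append a key/value entry chained to the current head; return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"fields": fields, "hash": entry_hash(prev, fields)})
    return log[-1]["hash"]


def verify(log, trusted_head=None):
    """Return None if intact, the index of the first broken entry, or
    len(log) if the chain is self-consistent but its head is not the trusted one."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != entry_hash(prev, rec["fields"]):
            return i
        prev = rec["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(log)  # rewritten or truncated, then re-hashed
    return None


def build_sample():
    """Constructed sample log; returns (log, head hash to store off-host)."""
    log, head = [], GENESIS
    for msg in ("sshd: accepted login for alice",
                "sudo: alice ran /bin/sh",
                "cron: job finished"):
        head = append(log, {"MESSAGE": msg, "PRIORITY": "6"})
    return log, head


if __name__ == "__main__":
    log, head = build_sample()
    print("intact:", verify(log, head))
    log[1]["fields"]["MESSAGE"] = "sudo: nothing happened"  # in-place edit
    print("first broken entry:", verify(log, head))
```

A chain that is edited and then re-hashed from the edit point onward passes `verify(log)` on its own; only the comparison against a head hash recorded elsewhere catches it.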
Overcomplicated (Score:5, Funny)
Back in the late 90's when I first started connecting my home Linux systems to the Internet 24/7, I logged everything imaginable. To prevent tampering/falsification of the logs, I simply printed the log on a continuous-sheet dot matrix printer. Good luck tampering with the printout in my office.
After a while I got to be able to recognize certain types of activity, such as a web user browsing to /index.html, based on the sounds the printer made.
Re:Overcomplicated (Score:5, Funny)
Did you ever get that OCD treated, or are you still suffering?
Re:Overcomplicated (Score:5, Funny)
Yeah done that.. paper jams were a bitch, though.
I remember even going to the trouble of cutting one of the leads in the RS-232 cable to make the logging printer a true write-only device.
Re:Overcomplicated (Score:5, Funny)
Did you ever get that OCD treated, or are you still suffering?
That's right, every night I'd get into some cozy pajamas, maybe make a fire, cuppa tea, and sit back in a recliner for a stint of light reading. I tell you, last night's series of 404s by the guy who kept mistyping the URL to my "About Me" page were especially riveting.
Re:I don't know... (Score:4, Funny)
strings berkeley.db | grep "data"
Enjoy,
jobs. (Score:5, Funny)
Attitudes like yours cost the industry jobs. It is best if we store data away into increasingly inappropriate places so that lusers have to pay us to get their own data.
Hell, going back to standard data formats and reusable tools would be the death of a thousand increasingly bizarre specialty languages alone.
As a penance, you should rewrite diff in python to work on sqlite databases. That should set the industry back another few years.