No empty .Rs/.Re
[netbsd-mini2440.git] / usr.sbin / syslogd / sign.html
blob462bbc211dfb572575060540053706d6c6f69a09
1 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
2 <html>
3 <head>
4 <title>NetBSD &amp; Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title>
5 </head>
6 <body>
8 <h1>syslog-sign</h1>
9 <p><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">syslog-sign</a> defines digital signatures for logfiles. This provides end-to-end authentication for network transports, enables the detection of lost UDP messages, and also makes it possible to check a log archive for later modifications (assuming the private key was kept safe).</p>
11 <h2>Signature Groups</h2>
12 <p>A basic concept of syslog-sign is the signature group which describes a set of messages that are grouped and signed together. Their purpose becomes clear with an example: assume you split your messages to two logservers <em>serverA</em> and <em>serverB</em>. Now if all messages were singed as one stream, then a) where do the signatures go to? and b) how could <em>serverA</em>, having only hashes and signatures, decide which message are missing and which are on <em>serverB</em>?<br>
13 Thus the messages are selected into two signature groups containing all signatures for messages to <em>serverA</em> and <em>serverB</em> respectively. Then every server has its own messages and its own signatures to verify them.</p>
14 <p>There are three predefined and one custom signature groups:</p>
15 <ol start="0">
16 <li>one global signature group, useful if all messages go to one central logserver anyway</li>
17 <li>every syslog priority (=combination of facility and severity) gets its own group, i.e. 192 of them, useful if there are lots of different destinations which all receive messages with different priorities</li>
18 <li>take the priorities and split them into intervals, useful to define bigger subsets, e.g. one signature group for the mail facility and two for everything else</li>
19 <li>not defined and reserved for custom strategy. I use this to have one signature group for every configured destination. In this case the selector in syslog.conf will determine which messages go into one group; it is also the only strategy that allows a message to be in multiple groups.</li>
20 </ol>
21 <p>Every signature group has several attributes and only the combination of several values determines one signature group unambiguously. Currently the key to identify a signature group is the tuple (hostname, reboot session ID, SG value, SPRI value). <!-- In a later draft the program name or process ID might be added to allow multiple syslog-sign senders per host.--></p>
23 <h2>Configuration/Activation</h2>
24 <p>syslog-sign is enabled with the option "sign_sg" in syslog.conf. The value selects the signature group strategy, so for example the line "sign_sg=0" enables syslog-sign with one signature group.</p>
25 <p>The SG="2" strategy is the only one that might require additional configuration. When selected (with "sign_sg=2") the default is to use one signature group per facility (kernel, user, mail, ...). To allow custom configuration there is an additional option "sign_sg2_delim" to specify the numerical SPRI values, i.e. the boundaries betwen the signature groups.<br>
26 Example: With "sign_sg2_delim = 15 31" syslogd will set up three signature groups: one for all priorities x &le; 15 (kernel.*,user.*), one for priorities 15 &lt; x &le; 31 (mail.*), and one for all priorities x &gt; 31.</p>
28 <h2>Key, Signature, and Hash Types</h2>
29 <p>The current internet draft defines two values for the VERsion field for using either SHA-1 or SHA-256 hashes. Both versions mandate DSA keys and signatures.<br>
30 There are several alternatives for sending the public key in the initial Certificate Block. If a X.509 certificate is available (for TLS connections) then syslogd will use key type 'C' (PKIX) and send the certificate in DER encoding. Otherwise it generates a new DSA key and uses key type 'K' (public key) to send the public key in DER encoding.</p>
32 <h2>Redundancy</h2>
33 <p>As mentioned above one design target of syslog-sign is the detection of lost messages, e.g. due to UDP datagram loss. So one has to take extra precaution to prevent lost signature messages and send them multiple times.<br>
34 This implementation sends the first Certificate block only on demand, just before the first Signature Block. After that it is resent <em>n</em> times with several seconds delay. The Signature Blocks are not repeated but use a sliding window so that every message hash is included in <em>m</em> sequential Signature Blocks.</p>
36 <h2>Verification</h2>
37 <p>Sending signatures is only half of the job, -- they have to be verified as well. I used Perl to write an <a href="verify-sign/verify.pl">offline verification</a> tool that reads a complete logfile and prints all messages in their correct order. See the example below for a sample usage and output.</p>
39 <h2>Example</h2>
40 <p>Here is an example of a signed message sequence. I let syslogd generate me a DSA key for a self-signed X.509 certificate and use that for signing. I also changed one message so you can see the resulting verification output below.</p>
42 <pre>
43 $ cat test.log
44 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg0
45 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg1
46 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg2
47 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg3
48 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg4
49 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg5
50 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg6
51 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg7
52 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg8
53 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg9
54 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg10
55 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg11
56 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - modified msg12
57 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg13
58 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg14
59 <110>1 2008-08-02T01:09:27.773505+02:00 host.example.org syslogd - - [ssign-cert VER="0111" RSID="1217632162" SG="3" SPRI="0" TBPL="1059" INDEX="1" FLEN="1059" FRAG="2008-08-02T01:09:27.773464+02:00 C MIIC+jCCArmgAwIBAwIBATAJBgcqhkjOOAQDMCIxIDAeBgNVBAMTF2NvcmRlbGlhLm1zY2h1ZXR0ZS5uYW1lMB4XDTA4MDczMDIyMDYyMloXDTA5MDczMDIyMDYyMlowIjEgMB4GA1UEAxMXY29yZGVsaWEubXNjaHVldHRlLm5hbWUwggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA92S335Kxy2TTMfdg9Vi/CJvyDCHMHpPYxWwEkEI26xEdKybzLghTfbG/RZw/nnFuhRTH4Xe6GVvlFi2zIzySSClXr+zyXg/D9uHyiVL5TEsu8uQT2IREmGOB8pu70FukL9nQGOr82YxuRFQzZ1p6KltIggivi5ffR4B33+1xoSkCFQDYe5GJKM9Cw6nkLngHkzFGRmcXIQKBgDbHeOLBKYLkRZyRpXd0aTNU2igcKTWyWlUTySJuv/iTAeB09p9WyTIPyAhtqN77CIwX8Ui2jGu6NYT6TWEYJVvL+C/TvddAvAMyefv+w+HPNF2L77IVrjNVRCneERoNKlWc6IzjKH3otl/Lh2D7NAWRid55vxF6Z0oO459+4vpRA4GFAAKBgQCzcJVR343IRntcQs8aENs/QMxoxHN6JVdpSLB9moY5/RC9ooxz32fkakSL0s8zLITLt/y+yzf0F/9JhmTC1XeD8gvPBesE6dc0ZzPCos0hg8WpKUWR0YqXFDOC//uBwIa94DncC8xZ0mCwavno6gtkz57S7ywSwnmrdjhmpdAZuqOBgDB+MBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkYXV0by1nZW5lcmF0ZWQgYnkgdGhlIE5ldEJTRCBzeXNsb2dkMCYGCWCGSAGG+EIBDAQZFhdjb3JkZWxpYS5tc2NodWV0dGUubmFtZTAMBgNVHRMBAf8EAjAAMAkGByqGSM44BAMDMAAwLQIUZcsHdrbuyx9lR3tyyeiJvClj0B8CFQC+5+NlulgCd/yoSlLPZgsTHYmCYA==" SIGN="MC0CFFEHx8UX391lbmhbisJNS0zLGD/WAhUAuMfCO0BWtARt2vEWHbM2mAe2k+o="]
60 <110>1 2008-08-02T01:09:27.778347+02:00 host.example.org syslogd - - [ssign VER="0111" RSID="1217632162" SG="3" SPRI="0" GBC="1" FMN="1" CNT="15" HB="siUJM358eYFHOS2K0MTlveWeH/U= zTxfthW8WqmtFhOG4k/+ZxkirTA= j9dubU1GNVp7qWShwph/w32nD08= XQDLZ/NuwirmLdMORtm84r9kIW4= RNDFNCo7hiCsK/EKumsPBbFHNZA= ANiE3KbY948J6cEB640fAtWXuO4= e2M/OqjHDfxLVUSPt1CsNJHm9wU= Y+racQst7F1gR8eEUh8O7o+M53s= JAMULRxjMPbOO5EhhKbsUkAwbl0= pd+N5kmlnyQ0BoItELd/KWQrcMg= dsMQSzPHIS6S3Vaa23/t7U8JAJ4= i4rE3x7N4qyQGTkmaWHsWDFP9SY= qgTqV4EgfUFd3uZXNPvJ25erzBI= XW0YrME5kQEh+fxhg1fetnWxfIc= 7YPcRHsDwXWnQuGRWaJtFWw9hus=" SIGN="MCwCFF5hS5GTLxLDwsDCUmOnHhzkmWzbAhRJ0io+LBKM6Ux/cM7eqZ6eRAI11Q=="]
61 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg15
62 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg16
63 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg17
64 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg18
65 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg19
66 <110>1 2008-08-02T01:09:32.399406+02:00 host.example.org syslogd - - [ssign VER="0111" RSID="1217632162" SG="3" SPRI="0" GBC="4" FMN="1" CNT="20" HB="siUJM358eYFHOS2K0MTlveWeH/U= zTxfthW8WqmtFhOG4k/+ZxkirTA= j9dubU1GNVp7qWShwph/w32nD08= XQDLZ/NuwirmLdMORtm84r9kIW4= RNDFNCo7hiCsK/EKumsPBbFHNZA= ANiE3KbY948J6cEB640fAtWXuO4= e2M/OqjHDfxLVUSPt1CsNJHm9wU= Y+racQst7F1gR8eEUh8O7o+M53s= JAMULRxjMPbOO5EhhKbsUkAwbl0= pd+N5kmlnyQ0BoItELd/KWQrcMg= dsMQSzPHIS6S3Vaa23/t7U8JAJ4= i4rE3x7N4qyQGTkmaWHsWDFP9SY= qgTqV4EgfUFd3uZXNPvJ25erzBI= XW0YrME5kQEh+fxhg1fetnWxfIc= 7YPcRHsDwXWnQuGRWaJtFWw9hus= PIvLm0mh+he5+PDihG1p7sQlx8k= lPzUvx0I1VwSGWV7yKF9W//Yb2U= X+PWYcx5AXnsDVSNAHLZUGk5ioY= okXY88MGG4QybrYMf8HJN23WO1Y= HcaPyHfQ2s1SuSciTKw4woYWuMg=" SIGN="MCwCFFr0i6taT1vWowR7yc5bEQxFfY7/AhQBCK+rBNPgzR0vUgxPeARvD24kIQ=="]
67 </pre>
68 <p>Just in case you wonder about the different timestamps: The messages were send with a normal syslog(3), so the syslogd received them in BSD Syslog format without subsecond resolution.</p>
69 <hr>
70 <pre>
71 $ perl verify.pl --help
73 syslog-sign verifier
74 reads logfile and verifies message signatures
76 Notes:
77 - By default uses only SHA-1 hashes. Use option "--sha256" to use only
78 SHA-256 and "--sha1 --sha256"to use both types.
79 - Some status messages are printed to stderr.
80 Use option "--quiet" to disable them.
81 - All verified messages are printed with their identifying signature group.
82 Every line starts with a comma-separated tuple: hostname, reboot session ID,
83 SG value, SPRI value, and message number.
84 - If only one hash is used then all messages not signed are printed as well.
86 Limitations: handles only key types 'C' (PKIX) and 'K' (public key)
87 with DSA keys and signatures
89 Command Line Options:
90 -i --in input file (default: stdin)
91 -o --out output file for verified messages (default: stdout)
92 -u --unsigned output file for unsigned messages (default: stdout)
93 --sha1 use SHA-1 hashes (default)
94 --sha256 use SHA-256 hashes
95 -v --verbose shows some internals (every CB,SB,hash,...)
96 -q --quiet no status messages to stderr
97 -h --help this help
99 $ perl verify.pl -i test.log
100 reading input...
101 processing CBs...
102 decoding SGs...
103 got PKIX DSA key
104 verifying CBs...
105 verified CB and got key for SG: (host.example.org,1217632162,0111,3,0), start: 2008-08-02T01:09:27.773464+02:00
106 now process SBs
107 signed messages:
108 host.example.org,1217632162,0111,3,0,1 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg0
109 host.example.org,1217632162,0111,3,0,2 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg1
110 host.example.org,1217632162,0111,3,0,3 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg2
111 host.example.org,1217632162,0111,3,0,4 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg3
112 host.example.org,1217632162,0111,3,0,5 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg4
113 host.example.org,1217632162,0111,3,0,6 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg5
114 host.example.org,1217632162,0111,3,0,7 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg6
115 host.example.org,1217632162,0111,3,0,8 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg7
116 host.example.org,1217632162,0111,3,0,9 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg8
117 host.example.org,1217632162,0111,3,0,10 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg9
118 host.example.org,1217632162,0111,3,0,11 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg10
119 host.example.org,1217632162,0111,3,0,12 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg11
120 host.example.org,1217632162,0111,3,0,13 **** msg lost
121 host.example.org,1217632162,0111,3,0,14 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg13
122 host.example.org,1217632162,0111,3,0,15 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg14
123 host.example.org,1217632162,0111,3,0,16 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg15
124 host.example.org,1217632162,0111,3,0,17 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg16
125 host.example.org,1217632162,0111,3,0,18 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg17
126 host.example.org,1217632162,0111,3,0,19 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg18
127 host.example.org,1217632162,0111,3,0,20 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg19
128 messages without signature:
129 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - modified msg12
130 </pre>
132 <hr>
133 <table border=0>
134 <tr>
135 <td>
136 <a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&amp;type=2" width="125" height="37" border="0" alt="SourceForge.net Logo"></a>
137 <td>
138 <table>
139 <tr> <td> Martin Sch&uuml;tte &lt;<tt>info@mschuette.name</tt>&gt; </td> </tr>
140 <tr> <td> $Id: sign.html,v 1.1 2008/10/31 16:12:19 christos Exp $ </td> </tr>
141 </table>
142 </tr>
143 </table>
145 </body>
146 </html>