syslog-sec-misc Mailing List for Secure BSD syslog ARCHIVED
Status: Abandoned
Brought to you by:
albert-thuis
From: ALbert M. {s. by ons-h. d. net} <al...@on...> - 2008-04-07 08:24:24

Hello Diego,

Diego Giagio wrote:
> This is our first contact. I've been looking through FreeBSD Projects
> page and found this Syslog Secure Project. I have some interesting
> ideas to share and even help contributing. How's this project going?

Recently, after a long time of no activity, the project is kind-of-reactivated.

The project is hosted on SourceForge. See the mail archive for more info.
http://sourceforge.net/projects/syslog-sec/
http://lists.sourceforge.net/lists/listinfo/syslog-sec-misc

You are welcome to help. Please use the mailing list for all postings.

--ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: Francisco G. <fra...@fn...> - 2008-04-03 10:21:16

Hi folks,

I'm just this guy that wants to contribute to FreeBSD and Albert was kind enough to invite me to this (re)start of syslog-sec, no academia behind me though.

I do think politics are something that we shouldn't be worried about since the BSD projects will ultimately decide on what they want for themselves.

I thought of syslog-sec as FreeBSD's syslog with security features added in, and as such perhaps one could consider having a good look into *BSD's syslogs and perhaps create an abstract layer for the security enhancements that could be fitted into each of the different code trains.

I'm not sure if you guys are thinking of doing a syslog from scratch... if so, I'm all for it ;)

Kind Regards,
Francisco Guerreiro

Quoting Albert Mietus <al...@on...>:

> Two remarks
>
> ONE
>
>>> I've looked at the different versions and found some main
>>> differences:
>>> OpenBSD: splits syslogd for privilege separation
>>> FreeBSD: 2nd socket for ...
>>> DragonFly: adds a ring buffer
>>> NetBSD: seems 'just' to be refactored and with more checks
>
>>> A merge of current FreeBSD and NetBSD code could be a first step.
>>> I am just afraid it might become a political issue early on ;-)
>
>> yeah I'm almost sure that this will happen :).
>
> I think we should (on SF) try to keep out the politics ...
>
> That would be possible by NOT merging code & politics from the *BSD
> code-bases.
>
> When I started, long ago, I tried to keep the (then only FreeBSD)
> source file almost unchanged and just added the "sec" part.
>
> The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from
> BSD, the files .../sl_* are "mine" and are as independent of the
> original as possible (some calls to sl_* functions are added :-)
>
> Is it possible to extend this idea, and separate files like (as an
> example/proposal):
> .../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
> .../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
> .../host/netBSD/    same for netBSD
> .../host/OpenBSD/   same ... idem
> .../host/...        you get the idea.
> And also:
> .../stand/          A "stand alone", "best of breed", as we see it,
>                     version of syslog(d)
>
> Then, each *BSD can easily port the (our) SF code to their BSD, by
> taking the host/* version and the shared -sec code.
> Eventually (and likely), they will decide to go for the best of breed
> version. Then THEY make the decision; we are happy to get our code
> incorporated and everybody wins by better, integrated, and secure
> syslog.
>
> Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be
> added. But we start with the one WE like.
>
> Please comment!
>
> TWO
>
>>> API which is intended to replace syslog(3).
>
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure, learn from all. But focus
> on syslog-sec!
>
> --Greetings
> ALbert Mietus
> Send private mail to: ALbert at ons-huis dot net
> Don't send spam mail!
> http://albert.mietus.nl http://albert.mietus.nl/read.IT

From: Adam H. <ha...@gm...> - 2008-04-02 23:23:34

On Apr,Wednesday 2 2008, at 11:04 PM, Albert Mietus wrote:

> Two remarks
>
> ONE
>
>>> I've looked at the different versions and found some main
>>> differences:
>>> OpenBSD: splits syslogd for privilege separation
>>> FreeBSD: 2nd socket for ...
>>> DragonFly: adds a ring buffer
>>> NetBSD: seems 'just' to be refactored and with more checks
>
>>> A merge of current FreeBSD and NetBSD code could be a first step.
>>> I am just afraid it might become a political issue early on ;-)
>
>> yeah I'm almost sure that this will happen :).
>
> I think we should (on SF) try to keep out the politics ...
>
> That would be possible by NOT merging code & politics from the *BSD
> code-bases.
>
> When I started, long ago, I tried to keep the (then only FreeBSD)
> source file almost unchanged and just added the "sec" part.
>
> The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from
> BSD, the files .../sl_* are "mine" and are as independent of the
> original as possible (some calls to sl_* functions are added :-)
>
> Is it possible to extend this idea, and separate files like (as an
> example/proposal):
> .../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
> .../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
> .../host/netBSD/    same for netBSD
> .../host/OpenBSD/   same ... idem
> .../host/...        you get the idea.
> And also:
> .../stand/          A "stand alone", "best of breed", as we see it,
>                     version of syslog(d)

yeah I think that this seems good.

> Then, each *BSD can easily port the (our) SF code to their BSD, by
> taking the host/* version and the shared -sec code.
> Eventually (and likely), they will decide to go for the best of breed
> version. Then THEY make the decision; we are happy to get our code
> incorporated and everybody wins by better, integrated, and secure
> syslog.
>
> Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be
> added. But we start with the one WE like.
>
> Please comment!

I will think more about this later today after some sleep :).

> TWO
>
>>> API which is intended to replace syslog(3).
>
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure, learn from all. But focus
> on syslog-sec!

yes syslog API is used too long and therefore it is really hard to substitute it with other API.

Regards

Adam.

From: Martin S. <li...@ms...> - 2008-04-02 22:44:53

Albert Mietus wrote:
> Then, each *BSD can easily port the (our) SF code to their BSD, by
> taking the host/* version and the shared -sec code.

Ack.

>>> API which is intended to replace syslog(3).
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure, learn from all. But focus
> on syslog-sec!

Of course _any_ "replacement" will be just an additional function. syslog(3) is widely used and will stay for some decades.

But I would like my software to move forward to syslog-protocol with its additional data fields; one way to push that is by providing one new API that makes it easy to include IDs and structured data.

In that respect even Apple's asl is not really sufficient to be that new API, because
a) the new MSGID field is not supported (although this could be worked around), and more important
b) the key=value pairs have predefined keys, and even if implemented with arbitrary keys there is no way to specify the namespace (=SD-ID).
So this API would not enable, but prevent a move to syslog-protocol. :-/

This whole API question is not really part of syslog-sec, but some work in this direction belongs to my GSoC project.

--
Martin

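The fields named in the message above (MSGID, an SD-ID as namespace, arbitrary key=value parameters) are shown below in an added example that is not part of the original thread and is not syslog-sec code. It assumes the message layout in which syslog-protocol was later published as RFC 5424; `ex_format`, `struct sd_param` and all sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is syslog-sec code. */
struct sd_param { const char *name, *value; };
struct buf { char *p; size_t cap, len; int overflow; };

/* Bounded append: flags overflow instead of writing past the buffer. */
static void put(struct buf *b, const char *s)
{
    size_t n = strlen(s);
    if (b->overflow || n >= b->cap - b->len) { b->overflow = 1; return; }
    memcpy(b->p + b->len, s, n + 1);    /* copies the terminating NUL too */
    b->len += n;
}

/* Header fields: 1..max printable US-ASCII characters, no spaces. */
static int field_ok(const char *s, size_t max)
{
    size_t i, n = s ? strlen(s) : 0;
    for (i = 0; i < n; i++)
        if ((unsigned char)s[i] < 33 || (unsigned char)s[i] > 126) return 0;
    return n >= 1 && n <= max;
}

/* SD-ID and parameter names: at most 32 such characters, none of = ] " */
static int sd_name_ok(const char *s)
{
    return field_ok(s, 32) && strpbrk(s, "=]\"") == NULL;
}

/* Policy of this example: refuse control characters (newlines etc.) so a
 * value cannot begin a forged record in a line-oriented log file. */
static int has_ctl(const char *s)
{
    while (*s && (unsigned char)*s >= 0x20 && *s != 0x7f) s++;
    return *s != '\0';
}

/* Returns the message length, or -1 on invalid input or a short buffer.
 * sd_id == NULL means no structured data ("-"); msg may be NULL. */
int ex_format(char *out, size_t cap, int pri, const char *ts, const char *host,
              const char *app, const char *procid, const char *msgid,
              const char *sd_id, const struct sd_param *pv, size_t npv,
              const char *msg)
{
    struct buf b = { out, cap, 0, 0 };
    const char *hdr[5] = { ts, host, app, procid, msgid };
    char tmp[16];
    size_t i;
    if (pri < 0 || pri > 191 || !field_ok(ts, 32) || !field_ok(host, 255) ||
        !field_ok(app, 48) || !field_ok(procid, 128) || !field_ok(msgid, 32) ||
        (sd_id && !sd_name_ok(sd_id)) || (msg && has_ctl(msg)))
        return -1;
    snprintf(tmp, sizeof tmp, "<%d>1", pri);
    put(&b, tmp);
    for (i = 0; i < 5; i++) { put(&b, " "); put(&b, hdr[i]); }
    put(&b, sd_id ? " [" : " -");
    if (sd_id) put(&b, sd_id);
    for (i = 0; sd_id && i < npv; i++) {
        const char *v = pv[i].value;
        if (!sd_name_ok(pv[i].name) || v == NULL || has_ctl(v)) return -1;
        put(&b, " "); put(&b, pv[i].name); put(&b, "=\"");
        for (; *v; v++) {               /* escape the three special bytes */
            tmp[0] = *v; tmp[1] = '\0';
            if (*v == '"' || *v == '\\' || *v == ']') put(&b, "\\");
            put(&b, tmp);
        }
        put(&b, "\"");
    }
    if (sd_id) put(&b, "]");
    if (msg && *msg) { put(&b, " "); put(&b, msg); }
    return b.overflow ? -1 : (int)b.len;
}

int main(void)
{
    struct sd_param pv[] = { { "user", "a\"b]c" } };    /* constructed sample */
    char line[256];
    if (ex_format(line, sizeof line, 165, "2008-04-02T22:44:53Z", "loghost", "su",
                  "1234", "ID47", "exampleSDID@32473", pv, 1, "login failed") > 0)
        puts(line);
    return 0;
}
```

The `name@number` form of the SD-ID is what gives a private parameter set its own namespace, and the escaping keeps a caller-supplied value from closing the element early.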
From: Albert M. <al...@on...> - 2008-04-02 21:05:10

Two remarks

ONE

>> I've looked at the different versions and found some main
>> differences:
>> OpenBSD: splits syslogd for privilege separation
>> FreeBSD: 2nd socket for ...
>> DragonFly: adds a ring buffer
>> NetBSD: seems 'just' to be refactored and with more checks

>> A merge of current FreeBSD and NetBSD code could be a first step.
>> I am just afraid it might become a political issue early on ;-)

> yeah I'm almost sure that this will happen :).

I think we should (on SF) try to keep out the politics ...

That would be possible by NOT merging code & politics from the *BSD code-bases.

When I started, long ago, I tried to keep the (then only FreeBSD) source file almost unchanged and just added the "sec" part.

The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from BSD, the files .../sl_* are "mine" and are as independent of the original as possible (some calls to sl_* functions are added :-)

Is it possible to extend this idea, and separate files like (as an example/proposal):

.../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
.../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
.../host/netBSD/    same for netBSD
.../host/OpenBSD/   same ... idem
.../host/...        you get the idea.

And also:

.../stand/          A "stand alone", "best of breed", as we see it, version of syslog(d)

Then, each *BSD can easily port the (our) SF code to their BSD, by taking the host/* version and the shared -sec code.
Eventually (and likely), they will decide to go for the best of breed version. Then THEY make the decision; we are happy to get our code incorporated and everybody wins by better, integrated, and secure syslog.

Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be added. But we start with the one WE like.

Please comment!

TWO

>> API which is intended to replace syslog(3).

Don't bet on that. I have seen several would-be replacements for syslog. They generally fail to replace syslog, or they fail completely.

So stick to syslog and its standards. Sure, learn from all. But focus on syslog-sec!

--Greetings
ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: Albert M. <al...@on...> - 2008-04-02 20:39:32

On 2 Apr 2008., at 1:00, Martin Schütte wrote:
>>> Today you are applying; that's nice. You can become developer #3
>> Cool:)
>
> My SF.net-ID is 'slyh'.

You added

--Greetings
ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: Adam H. <ha...@gm...> - 2008-04-01 23:52:00

On Apr,Wednesday 2 2008, at 1:00 AM, Martin Schütte wrote:

> Adam Hamsik wrote:
>> Yes syslog-sign is part of my university Diploma thesis. Yes I'm
>> NetBSD developer so one of my tasks is integration with NetBSD base
>> system. I have had quick look at our actual code base and it differs
>> in some points, I have to think how to merge them so we can work on one
>> syslog which can run on NetBSD and FreeBSD.
>
> I've looked at the different versions and found some main differences:
> OpenBSD: splits syslogd for privilege separation
> FreeBSD: 2nd socket for privileged processes and allowed peer
> addresses
> DragonFly: adds a ring buffer
> NetBSD: seems 'just' to be refactored and with more checks
>
> A merge of current FreeBSD and NetBSD code could be a first step.
> I am just afraid it might become a political issue early on ;-)

yeah I'm almost sure that this will happen :).

>>> Today you are applying; that's nice. You can become developer #3
>> Cool:)
>
> My SF.net-ID is 'slyh'.
>
>> I think that there are 2-3 major tasks on which We should work
>
> Just for information; my current GSoC application includes as a rough
> schedule:
> - TLS transport
> - local buffer to bridge lost connectivity
> - syslog-protocol in syslogd(8)
> - syslog-protocol in syslog(3)
> - test & debug
> - read/check existing syslog-sign
> - integrate syslog-sign
> - new library function
> - review options and configuration
>
> Two possible extensions are:
> - reliable local delivery with a yet to be implemented
>   socket(PF_LOCAL, SOCK_SEQPACKET, 0)
> - D. Spinellis pointed me to Apple's asl(3) API which is intended to
>   replace syslog(3). Implementing these functions is probably better
>   than inventing a new API for syslog-protocol.
>   (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/asl.3.html)

this is nice I have to look at it more.

> Accepted GSoC-proposals are announced on April 21st. Then I will
> know if I can afford to work on this full time.
>
> --
> Martin

Regards

Adam.

From: Martin S. <li...@ms...> - 2008-04-01 23:00:31

Adam Hamsik wrote:
> Yes syslog-sign is part of my university Diploma thesis. Yes I'm
> NetBSD developer so one of my tasks is integration with NetBSD base
> system. I have had quick look at our actual code base and it differs
> in some points, I have to think how to merge them so we can work on one
> syslog which can run on NetBSD and FreeBSD.

I've looked at the different versions and found some main differences:
OpenBSD: splits syslogd for privilege separation
FreeBSD: 2nd socket for privileged processes and allowed peer addresses
DragonFly: adds a ring buffer
NetBSD: seems 'just' to be refactored and with more checks

A merge of current FreeBSD and NetBSD code could be a first step.
I am just afraid it might become a political issue early on ;-)

>> Today you are applying; that's nice. You can become developer #3
> Cool:)

My SF.net-ID is 'slyh'.

> I think that there are 2-3 major tasks on which We should work

Just for information; my current GSoC application includes as a rough schedule:
- TLS transport
- local buffer to bridge lost connectivity
- syslog-protocol in syslogd(8)
- syslog-protocol in syslog(3)
- test & debug
- read/check existing syslog-sign
- integrate syslog-sign
- new library function
- review options and configuration

Two possible extensions are:
- reliable local delivery with a yet to be implemented socket(PF_LOCAL, SOCK_SEQPACKET, 0)
- D. Spinellis pointed me to Apple's asl(3) API which is intended to replace syslog(3). Implementing these functions is probably better than inventing a new API for syslog-protocol. (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/asl.3.html)

Accepted GSoC-proposals are announced on April 21st. Then I will know if I can afford to work on this full time.

--
Martin

From: Albert M. <al...@on...> - 2008-04-01 18:33:40

Hello all,

I'm glad there is some activity on syslog-sec again. And updating some administrivia.

Currently only Adam ('ha*d'; I see different numbers of a's :-) and me (albert; albert-thuis) have a developer bit.

Did I forget to add somebody? Send your sf-id and I will add you ASAP.

Please note: if I don't respond in a few days, resend. Probably you ended up in a spam filter. I really need a not-spam-filter :-) as that is less ....

--Greetings
ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: Albert M. <al...@on...> - 2008-04-01 11:42:08

Hello Francisco,

Around Feb 2007 we exchanged some mails about syslog-sec, which I partly implemented on SF. You wanted to contribute to FreeBSD.

I said there was hardly anything going on, but recently (last week) I got some more emails about syslog-sec (in SF).

So it seems there is work going on (or starting). See the list at SF for more detail.

If you are working on it, or have plans, please:
- subscribe to syslog-sec-misc AT lists DOT sourceforge DOT net
- Send your SF code, and I will add you as developer
- Share/Develop on SF; the others will too

---Best Regards
ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: Adam H. <ha...@gm...> - 2008-04-01 10:36:26

On Mar,Sunday 30 2008, at 5:30 PM, Albert Mietus wrote:

> Hello Martin, (and Adam)

Hi Martin and Albert

> For a long time nobody was working on syslog-sec
> However, Adam Hamsik recently showed interest. His focus is netBSD
> (If I'm right) and is developer # for syslog-sec.

Yes syslog-sign is part of my university Diploma thesis. Yes I'm NetBSD developer so one of my tasks is integration with NetBSD base system. I have had quick look at our actual code base and it differs in some points, I have to think how to merge them so we can work on one syslog which can run on NetBSD and FreeBSD.

> Today you are applying; that's nice. You can become developer #3

Cool:)

> I think your help (as GSoC) is welcome, Personally I don't have much
> time (if any) But would love to see the result. And can spend some
> time "in the background" on it (I hope)
>
> This mail is CC'd to Adam, and to the SF list: "syslog-sec-misc AT
> list....", to archive.
>
> I think it would be wise to subscribe to that list and use it for
> discussion and all other communication.
> Please add yourself to that list
>
> P.S. See my personal website (which is old old old...) for a
> presentation about syslog-sec. Hope that helps

Yes that presentation is really helpful.

> If needed, I can re-send some mails between Adam and me to the list,
> for archive (if Adam agrees)

Fine with me.

[snip]

I think that there are 2-3 major tasks on which We should work

1) TLS support: last version of syslog-sign rfc draft requires tls protocol support in syslog.
2) Syslog sign protocol
3) Update syslog to support latest 3164 update.

I will update all docs in our repository when I will find some time for it :).

Regards

Adam.

From: Albert M. <al...@on...> - 2008-03-30 15:31:02

Hello Martin, (and Adam)

For a long time nobody was working on syslog-sec.
However, Adam Hamsik recently showed interest. His focus is netBSD (If I'm right) and is developer # for syslog-sec.

Today you are applying; that's nice. You can become developer #3

I think your help (as GSoC) is welcome. Personally I don't have much time (if any) But would love to see the result. And can spend some time "in the background" on it (I hope)

This mail is CC'd to Adam, and to the SF list: "syslog-sec-misc AT list....", to archive.

I think it would be wise to subscribe to that list and use it for discussion and all other communication.
Please add yourself to that list

P.S. See my personal website (which is old old old...) for a presentation about syslog-sec. Hope that helps

If needed, I can re-send some mails between Adam and me to the list, for archive (if Adam agrees)

On 30 Mar 2008., at 16:53, Martin Schütte wrote:

> Hello,
> I would like to ask if your syslog-sec implementation on Sourceforge
> (http://sourceforge.net/projects/syslog-sec/) is complete 'as is'
> or if you know of further development.
>
> Reason is I am applying as a student for Google Summer of Code and
> want to implement the new IETF standards for BSD's syslogd. Thus I
> would like to integrate syslog-sec for syslog-sign (besides support
> for transport-tls and syslog-protocol).
>
> If you are interested in my project and further development I
> would be happy to hear from you.
>
> Regards,
> Martin

--Greetings
ALbert Mietus
Send private mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl
http://albert.mietus.nl/read.IT

From: <ben...@id...> - 2004-05-22 12:22:27

Dear Open Source developer

I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it.

With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development.

With many thanks for your participation,
Benno Luthiger

PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list.

Benno Luthiger
Swiss Federal Institute of Technology Zurich
8092 Zurich
Mail: benno.luthiger(at)id.ethz.ch

From: Albert M. <al...@on...> - 2004-03-15 21:32:13

Patrice Le Vexier writes:
> I would be interested to participate in your syslog-sec
> project. Is the project maintained or stopped?

No, the project isn't stopped. Actually, I even made a few changes last day. But I didn't change a lot due to lack-of-time. And other syslog-sec related SW (which aren't yet on SF). Also, syslog-sign (draft) RFC and the other syslog RFCs cost a lot of time :-)

So, be welcome to participate!

I don't have a list of priorities handy, but top of head:
* testing of the SW
* update of man page
* porting from FreeBSD to other Unixes (& Linux)
* upgrading from 4.* based FreeBSD source-base to 5.2.1 source-base
* re-enabling of "compression of repeated instances" (option -c)
* a lot more

Feel free to suggest other items.

Greeting and welcome

Note: for the moment, please send patches to me; later I can give a "commit bit", so you're able to commit.
Note: please reply to me AND to sys...@li... list

--ALbert

From: <Al...@on...> - 2003-04-16 16:19:16

Ricardo Mesquita wrote:
> I'm a fbsd user for about 2 years and I have some skills on C
> language, assembly, and networks. I don't have any problems
> reading and following rfcs. And even on small scale I hope on
> joining your project.

Hello Ricardo,

You are welcome to this project. Please add yourself to the mailing list of this project at:
http://lists.sourceforge.net/lists/listinfo/syslog-sec-misc

The "syslog-sec-misc @ SF" list is meant to collect all people, ideas and general communication about this project. You can read the archive at:
http://sourceforge.net/mailarchive/forum.php?forum=syslog-sec-misc

See some mails there about the goal of this project. I "collect" this kind of mails there. Also this mail is CC'd there.

--ALbert

From: <Al...@on...> - 2003-04-15 07:57:28

Hello Ivan

> I see you're looking for some help in your secure
> syslog project. I'm interested and would like to know
> more about this project.

May I point to
https://sourceforge.net/mailarchive/forum.php?forum_id=32574
which is the mailing list archive on this project. You will find some mail (including this one) about this topic.

> BTW, I work on Linux, am fluent in C, general
> Unix programming and networking.

Great, you're welcome.

ALbert

From: <Al...@on...> - 2003-04-15 07:51:19

Hello Stephan,

> I am interested in your syslog-sign project.

Nice to hear you have interest in this project!

> Can I have some questions?

Sure, ;-)

> 1. why did u start the project?
> 2. what is your goal?
> 3. is there anyone out there doing the same thing?
> 4. what do u expect from other developers?

May I point to an earlier mailing, on the same topic:
https://sourceforge.net/mailarchive/forum.php?thread_id=1956224&forum_id=32574

In short, the project started for "fun" and because "(IT) security" is part of my job. And because I was part of a team working on Logging (that project itself is ended).

The goal is "the first free/open implementation of the secure syslog protocols" (see the link above).

There is no other project working on this, as far as I know. There are other "syslog (like)" projects. But none is working on base of the RFCs.

I hope other developers will work along and expect they "do the best they can". Sure, developers must be willing to donate code "for free". I think "secure and safe" programming is a must, especially for security projects. If you have that "level", I'm willing to give CVS access. But other solutions are also possible.

Last, I expect them to communicate by the syslog-sec-misc@ SF .net list. You can add yourself at:
http://lists.sourceforge.net/lists/listinfo/syslog-sec-misc

Note: I send this to that list too, for archiving

Albert

From: Albert M. <al...@mo...> - 2003-04-11 10:36:53

Graeme Kerry writes:
> I am quite interested in your project. Could you give me some
> more info as to what your goals for the endproduct are.
> I can program in C and run Slackware Linux 8.1 on one of my
> machines.

Hello Graeme,

The purpose of this project is simple: be the first open implementation of "secure syslog".

Recently (for some time :-), there is an IETF WG about "secure syslog". (See http://www.employees.org/~lonvick/index.shtml for more info about that.)

This WG has written rfc3164; the standard about "normal" syslog (protocol), which wasn't described before. And has written (and is) some more standards to secure (and enhance) syslog, like syslog-sign and others.

As far as I know, there is no (free or open) implementation of any of these protocols; so it is nice to be the first one!

Currently, I have an implementation of syslogd, that "speaks" both rfc3164 syslog and syslog-sign (but only the draft-07 version; which is changed in the draft-09). It is based on FreeBSD code; and I have tested it only on FreeBSD.

Below, some ideas about what can be done...

Possibly you can "port" it to Linux; and make the changes to version 09. Also, some of the manpage has to be updated.

Another task is to reimplement the "compression" code. The old FreeBSD version did "compress" repeating (equal) log lines, by replacing the lot of copies by a line "last message repeated N times". I had to remove that, due to time constraints. But it needs to come back.

I have started (in Obj-C) a tool to verify syslog-sign. You can help there too.

If you have other "good" ideas, they are welcome!

Note: You can download the (draft) rfc's from the link above (or in the doc dir in SF; filename has no version number; I use CVS :-) Currently draft07 stored. I will update to 09 shortly).

Note: I have given a presentation about "my implementation", you can download a (PDF) copy at: http://eurobsdcon.org/papers/#mietus (follow link).

Last, please add yourself to the mailing list about this project: sys...@li...
You can do so at: http://lists.sourceforge.net/lists/listinfo/syslog-sec-misc
