Thread: Re: Syslog-sec-misc @ SF: syslog
Status: Abandoned
Brought to you by:
albert-thuis
From: Albert M. <al...@on...> - 2008-03-30 15:31:02
Halo Martin, (and Adam)

For a long time nobody was working on syslog-sec
However, Adam Hamsik has recently shown interest. His focus is netBSD (If I'm right) and is developer # for syslog-sec.

Today you are applying; that's nice. You can become developer #3

I think your help (as GSoC) is welcome, Personally I don't have much time (if any) But would love to see the result. And can spend some time "in the background" on it (I hope)

This mail is CC'd to Adam, and to the SF list: "syslog-sec-misc AT list....", to archive.

I think it would be wise to subscribe to that list and use it for discussion and all other communication.
Please add yourself to that list

P.S. See my personal website (which is old old old...) for a presentation about syslog-sec. Hope that helps

If needed, I can re-send some mails between Adam and me to the list, for archive (if adam agrees)

On 30 Mar 2008., at 16:53, Martin Schütte wrote:
> Hello,
> I would like to ask if your syslog-sec implementation on Sourceforge
> (http://sourceforge.net/projects/syslog-sec/) is complete 'as is' or if
> you know of further development.
>
> Reason is I am applying as a student for Google Summer of Code and
> want to implement the new IETF standards for BSD's syslogd. Thus I
> would like to integrate syslog-sec for syslog-sign (besides support
> for transport-tls and syslog-protocol).
>
> If you are interested in my project and further development I
> would be happy to hear from you.
>
> Regards,
> Martin

--Groetjes
ALbert Mietus
Send prive mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl http://albert.mietus.nl/read.IT
From: Albert M. <al...@on...> - 2008-04-02 21:05:10
Two remarks

ONE

>> I've looked at the different versions and found some main
>> differences:
>> OpenBSD: splits syslogd for privilege separation
>> FreeBSD: 2nd socket for ...
>> DragonFly: adds a ring buffer
>> NetBSD: seems 'just' to be refactored and with more checks
>>
>> A merge of current FreeBSD and NetBSD code could be a first step.
>> I am just afraid it might become a political issue early on ;-)

> yeah I'm almost sure that this will happen :).

I think we should (on SF) try to keep out the politics ...

That would be possible by NOT merging code & politics from the *BSD code-bases.

When I started, long ago, I tried to keep the (then only FreeBSD) source file almost unchanged and just added the "sec" part.

The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from BSD, the file .../sl_* are "mine" and are as independent of the original as possible (some call to sl_* functions are added:-)

Is it possible to extend this idea, and separate files like (as an example/proposal):
.../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
.../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
.../host/netBSD/    same for netBSD
.../host/OpenBSD/   same ... idem
.../host/...        you get the idea.
And also:
.../stand/          A "stand alone", "best of breed", as we see it version of syslog(d)

Then, each *BSD can easily port the (our) SF code there BSD, by taking the host/* version and the shared -sec code.
Eventually (and likely), they will decide to go for the best of breed version. Then THEY make the decision; we are happy to get our code incorporated and everybody wins by better, integrated, and secure syslog.

Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be added. But we start with the one WE like.

Please comment!

TWO

>> API which is intended to replace syslog(3).

Don't bet on that. I have seen several would-be replacements for syslog. They generally fail to replace syslog, or they fail completely.

So stick to syslog and its standards. Sure learn from all. But focus on syslog-sec!

--Groetjes
ALbert Mietus
Send prive mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl http://albert.mietus.nl/read.IT
From: Martin S. <li...@ms...> - 2008-04-02 22:44:53
Albert Mietus wrote:
> Then, each *BSD can easily port the (our) SF code there BSD, by
> taking the host/* version and the shared -sec code.

Ack.

>>> API which is intended to replace syslog(3).
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure learn from all. But focus
> on syslog-sec!

Of course _any_ "replacement" will be just an additional function. syslog(3) is widely used and will stay for some decades.

But I would like my software to move forward to syslog-protocol with its additional data fields; one way to push that is by providing one new API that makes it easy to include IDs and structured data.

In that respect even Apple's asl is not really sufficient to be that new API, because
a) the new MSGID field is not supported (although this could be worked around), and more important
b) the key=value pairs have predefined keys, and even if implemented with arbitrary keys there is no way to specify the namespace (=SD-ID).
So this API would not enable, but prevent a move to syslog-protocol. :-/

This whole API question is not really part of syslog-sec, but some work in this direction belongs to my GSoC project.

--
Martin
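The two syslog-protocol fields named in the message above, MSGID and structured data under a namespaced SD-ID, as an added C example that is not part of the original thread or of the syslog-sec code. It follows the field layout later published as RFC 5424; the function names, the SD-ID `login@32473` (32473 is the enterprise number reserved for documentation) and all sample values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* SD-NAME rule (SD-ID and PARAM-NAME): 1..32 printable ASCII, no '=', ' ', ']', '"'. */
static int sd_name_ok(const char *s)
{
    if (!*s || strlen(s) > 32) return 0;
    for (; *s; s++)
        if (*s < 33 || *s > 126 || strchr("=]\"", *s)) return 0;
    return 1;
}

/* Write one SD-ELEMENT [sd_id name="value"] into out. '"', '\' and ']' in the value
 * are backslash-escaped so logged data cannot close the element early.
 * Returns the length written, or -1 on an invalid name or a too-small buffer. */
int sd_element(char *out, size_t cap, const char *sd_id,
               const char *name, const char *value)
{
    int n; size_t o;
    if (!sd_name_ok(sd_id) || !sd_name_ok(name)) return -1;
    n = snprintf(out, cap, "[%s %s=\"", sd_id, name);
    if (n < 0 || (size_t)n >= cap) return -1;
    for (o = (size_t)n; *value; value++) {
        if (strchr("\"\\]", *value)) {
            if (o + 1 >= cap) return -1;
            out[o++] = '\\';
        }
        if (o + 1 >= cap) return -1;
        out[o++] = *value;
    }
    if (o + 3 > cap) return -1;          /* room for '"', ']' and NUL */
    out[o++] = '"'; out[o++] = ']'; out[o] = '\0';
    return (int)o;
}

/* <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG; "-" is the nil value. */
int format_msg(char *out, size_t cap, int facility, int severity, const char *ts,
               const char *host, const char *app, const char *procid,
               const char *msgid, const char *sd, const char *msg)
{
    int n = snprintf(out, cap, "<%d>1 %s %s %s %s %s %s %s",
                     facility * 8 + severity, ts, host, app, procid, msgid, sd, msg);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char sd[128], line[512];
    /* Constructed sample: the user name contains characters that need escaping. */
    if (sd_element(sd, sizeof sd, "login@32473", "user", "eve\"] x=\"1") < 0) return 1;
    if (format_msg(line, sizeof line, 4, 5, "2008-04-02T22:44:53Z", "host.example",
                   "sshd", "-", "LOGIN_FAIL", sd, "authentication failed") < 0) return 1;
    puts(line);
    return 0;
}
```

The caller is assumed to pass header fields that already satisfy the protocol's character rules; only the structured-data names and value are checked here.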
From: Adam H. <ha...@gm...> - 2008-04-02 23:23:34
On Apr,Wednesday 2 2008, at 11:04 PM, Albert Mietus wrote:
> Two remarks
>
> ONE
>
>>> I've looked at the different versions and found some main
>>> differences:
>>> OpenBSD: splits syslogd for privilege separation
>>> FreeBSD: 2nd socket for ...
>>> DragonFly: adds a ring buffer
>>> NetBSD: seems 'just' to be refactored and with more checks
>>>
>>> A merge of current FreeBSD and NetBSD code could be a first step.
>>> I am just afraid it might become a political issue early on ;-)
>
>> yeah I'm almost sure that this will happen :).
>
> I think we should (on SF) try to keep out the politics ...
>
> That would be possible by NOT merging code & politics from the *BSD
> code-bases.
>
> When I started, long ago, I tried to keep the (then only FreeBSD)
> source file almost unchanged and just added the "sec" part.
>
> The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from
> BSD, the file .../sl_* are "mine" and are as independent of the
> original as possible (some call to sl_* functions are added:-)
>
> Is it possible to extend this idea, and separate files like (as an
> example/proposal):
> .../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
> .../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
> .../host/netBSD/    same for netBSD
> .../host/OpenBSD/   same ... idem
> .../host/...        you get the idea.
> And also:
> .../stand/          A "stand alone", "best of breed", as we see it
>                     version of syslog(d)

yeah I think that this seems good.

> Then, each *BSD can easily port the (our) SF code there BSD, by
> taking the host/* version and the shared -sec code.
> Eventually (and likely), they will decide to go for the best of breed
> version. Then THEY make the decision; we are happy to get our code
> incorporated and everybody wins by better, integrated, and secure
> syslog.
>
> Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be
> added. But we start with the one WE like.
>
> Please comment!

I will think more about this later today after some sleep :).

> TWO
>
>>> API which is intended to replace syslog(3).
>
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure learn from all. But focus
> on syslog-sec!

yes syslog API is used too long and therefore it is really hard to substitute it with other API.

Regards
Adam.
From: Francisco G. <fra...@fn...> - 2008-04-03 10:21:16
Hi folks,

I'm just this guy that wants to contribute to FreeBSD and Albert was kind enough to invite me to this (re)start of syslog-sec, no academia behind me though.

I do think politics are something that we shouldn't be worried about since the BSD projects will ultimately decide on what they want for themselves.

I thought of syslog-sec as freebsd's syslog with security features added-in and as such perhaps one could consider having a good look into *BSD's syslogs and perhaps create an abstract layer for the security enhancements that could be fitted into each of the different code trains.

I'm not sure if you guys are thinking of doing a syslog from scratch...if so, I'm all for it ;)

Kind Regards,
Francisco Guerreiro

Quoting Albert Mietus <al...@on...>:

> Two remarks
>
> ONE
>
>>> I've looked at the different versions and found some main
>>> differences:
>>> OpenBSD: splits syslogd for privilege separation
>>> FreeBSD: 2nd socket for ...
>>> DragonFly: adds a ring buffer
>>> NetBSD: seems 'just' to be refactored and with more checks
>>>
>>> A merge of current FreeBSD and NetBSD code could be a first step.
>>> I am just afraid it might become a political issue early on ;-)
>
>> yeah I'm almost sure that this will happen :).
>
> I think we should (on SF) try to keep out the politics ...
>
> That would be possible by NOT merging code & politics from the *BSD
> code-bases.
>
> When I started, long ago, I tried to keep the (then only FreeBSD)
> source file almost unchanged and just added the "sec" part.
>
> The files .../FreeBSD-syslogd/usr.sbin.syslog/syslog* are coming from
> BSD, the file .../sl_* are "mine" and are as independent of the
> original as possible (some call to sl_* functions are added:-)
>
> Is it possible to extend this idea, and separate files like (as an
> example/proposal):
> .../sl-sec/*        the "extra" functionality for -sec (split in sec/sign/ sec/*/)
> .../host/FreeBSD/   The (minimally) adapted FreeBSD srcs
> .../host/netBSD/    same for netBSD
> .../host/OpenBSD/   same ... idem
> .../host/...        you get the idea.
> And also:
> .../stand/          A "stand alone", "best of breed", as we see it
>                     version of syslog(d)
>
> Then, each *BSD can easily port the (our) SF code there BSD, by
> taking the host/* version and the shared -sec code.
> Eventually (and likely), they will decide to go for the best of breed
> version. Then THEY make the decision; we are happy to get our code
> incorporated and everybody wins by better, integrated, and secure
> syslog.
>
> Note: even a .../linux/, ../WinDos/... or ../whatEver/ host can be
> added. But we start with the one WE like.
>
> Please comment!
>
> TWO
>
>>> API which is intended to replace syslog(3).
>
> Don't bet on that. I have seen several would-be replacements for
> syslog. They generally fail to replace syslog, or they fail completely.
>
> So stick to syslog and its standards. Sure learn from all. But focus
> on syslog-sec!
>
> --Groetjes
> ALbert Mietus
> Send prive mail to: ALbert at ons-huis dot net
> Don't send spam mail!
> http://albert.mietus.nl http://albert.mietus.nl/read.IT
From: Adam H. <ha...@gm...> - 2008-04-01 10:36:26
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mar,Sunday 30 2008, at 5:30 PM, Albert Mietus wrote:

> Halo Martin, (and Adam)

Hi Martin and Albert

> For a long time nobody was working on syslog-sec
> However, Adam Hamsik has recently shown interest. His focus is netBSD
> (If I'm right) and is developer # for syslog-sec.

Yes syslog-sign is part of my university Diploma thesis. Yes I'm NetBSD developer so one of my tasks is integration with NetBSD base system. I have had quick look at our actual code base and it differs in some points, I have to think how to merge them so we can work on one syslog which can run on NetBSD and FreeBSD.

> Today you are applying; that's nice. You can become developer #3

Cool:)

> I think your help (as GSoC) is welcome, Personally I don't have much
> time (if any) But would love to see the result. And can spend some
> time "in the background" on it (I hope)
>
> This mail is CC'd to Adam, and to the SF list: "syslog-sec-misc AT
> list....", to archive.
>
> I think it would be wise to subscribe to that list and use it for
> discussion and all other communication.
> Please add yourself to that list
>
> P.S. See my personal website (which is old old old...) for a
> presentation about syslog-sec. Hope that helps

Yes that presentation is really helpful.

> If needed, I can re-send some mails between Adam and me to the list,
> for archive (if adam agrees)

Fine with me.

[snip]

I think that there are 2-3 major tasks on which We should work

1) TLS support
   last version of syslog-sign rfc draft require tls protocol support in syslog.
2) Syslog sign protocol
3) Update syslog to support latest 3164 update.

I will update all docs in our repository when I will find some time for it :).

Regards
Adam.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFH8hAclIxPgX3Go0MRAjimAKDN8bqkFDd6cwl385OUsBX4FG/+8gCbBKre
lJBVFg+ZMKkj4FW74L0Jobs=
=/KZY
-----END PGP SIGNATURE-----
From: Martin S. <li...@ms...> - 2008-04-01 23:00:31
Adam Hamsik wrote:
> Yes syslog-sign is part of my university Diploma thesis. Yes I'm
> NetBSD developer so one of my tasks is integration with NetBSD base
> system. I have had quick look at our actual code base and it differs
> in some points, I have to think how to merge them so we can work on one
> syslog which can run on NetBSD and FreeBSD.

I've looked at the different versions and found some main differences:
OpenBSD: splits syslogd for privilege separation
FreeBSD: 2nd socket for privileged processes and allowed peer addresses
DragonFly: adds a ring buffer
NetBSD: seems 'just' to be refactored and with more checks

A merge of current FreeBSD and NetBSD code could be a first step.
I am just afraid it might become a political issue early on ;-)

>> Today you are applying; that's nice. You can become developer #3
> Cool:)

My SF.net-ID is 'slyh'.

> I think that there are 2-3 major tasks on which We should work

Just for information; my current GSoC application includes as a rough schedule:
- TLS transport
- local buffer to bridge lost connectivity
- syslog-protocol in syslogd(8)
- syslog-protocol in syslog(3)
- test & debug
- read/check existing syslog-sign
- integrate syslog-sign
- new library function
- review options and configuration

Two possible extensions are:
- reliable local delivery with a yet to be implemented socket(PF_LOCAL, SOCK_SEQPACKET, 0)
- D. Spinellis pointed me to Apple's asl(3) API which is intended to replace syslog(3). Implementing these functions is probably better than inventing a new API for syslog-protocol.
  (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/asl.3.html)

Accepted GSoC-proposals are announced on April 21st. Then I will know if I can afford to work on this full time.

--
Martin
From: Adam H. <ha...@gm...> - 2008-04-01 23:52:00
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Apr,Wednesday 2 2008, at 1:00 AM, Martin Schütte wrote:

> Adam Hamsik wrote:
>> Yes syslog-sign is part of my university Diploma thesis. Yes I'm
>> NetBSD developer so one of my tasks is integration with NetBSD base
>> system. I have had quick look at our actual code base and it differs
>> in some points, I have to think how to merge them so we can work on one
>> syslog which can run on NetBSD and FreeBSD.
>
> I've looked at the different versions and found some main differences:
> OpenBSD: splits syslogd for privilege separation
> FreeBSD: 2nd socket for privileged processes and allowed peer addresses
> DragonFly: adds a ring buffer
> NetBSD: seems 'just' to be refactored and with more checks
>
> A merge of current FreeBSD and NetBSD code could be a first step.
> I am just afraid it might become a political issue early on ;-)

yeah I'm almost sure that this will happen :).

>>> Today you are applying; that's nice. You can become developer #3
>> Cool:)
>
> My SF.net-ID is 'slyh'.
>
>> I think that there are 2-3 major tasks on which We should work
>
> Just for information; my current GSoC application includes as a rough
> schedule:
> - TLS transport
> - local buffer to bridge lost connectivity
> - syslog-protocol in syslogd(8)
> - syslog-protocol in syslog(3)
> - test & debug
> - read/check existing syslog-sign
> - integrate syslog-sign
> - new library function
> - review options and configuration
>
> Two possible extensions are:
> - reliable local delivery with a yet to be implemented
>   socket(PF_LOCAL, SOCK_SEQPACKET, 0)
> - D. Spinellis pointed me to Apple's asl(3) API which is intended to
>   replace syslog(3). Implementing these functions is probably better than
>   inventing a new API for syslog-protocol.
>   (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man3/asl.3.html)

this is nice I have to look at it more.

> Accepted GSoC-proposals are announced on April 21st. Then I will know if
> I can afford to work on this full time.
>
> --
> Martin

Regards
Adam.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFH8sqRlIxPgX3Go0MRAjoBAKCZsnusitt1nYD+aCVoskdXGp2U2wCfRe0J
/rPhPfBo26OrGZ1Jq9eRmXg=
=VlkK
-----END PGP SIGNATURE-----
From: Albert M. <al...@on...> - 2008-04-02 20:39:32
On 2 Apr 2008., at 1:00, Martin Schütte wrote:
>
>>> Today you are applying; that's nice. You can become developer #3
>> Cool:)
>
> My SF.net-ID is 'slyh'.

You added

--Groetjes
ALbert Mietus
Send prive mail to: ALbert at ons-huis dot net
Don't send spam mail!
http://albert.mietus.nl http://albert.mietus.nl/read.IT