11.1Schristos<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd"> 21.1Schristos<html> 31.1Schristos<head> 41.1Schristos<title>NetBSD & Google's Summer of Code: Martin Schuette - Improve syslogd (syslogd)</title> 51.1Schristos</head> 61.1Schristos<body> 71.1Schristos 81.1Schristos<h1>syslog-sign</h1> 91.1Schristos<p><a href="http://tools.ietf.org/html/draft-ietf-syslog-sign">syslog-sign</a> defines digital signatures for logfiles. This provides end-to-end authentication for network transports, enables the detection of lost UDP messages, and also makes it possible to check a log archive for later modifications (assuming the private key was kept safe).</p> 101.1Schristos 111.1Schristos<h2>Signature Groups</h2> 121.2Sandvar<p>A basic concept of syslog-sign is the signature group which describes a set of messages that are grouped and signed together. Their purpose becomes clear with an example: assume you split your messages to two logservers <em>serverA</em> and <em>serverB</em>. Now if all messages were signed as one stream, then a) where do the signatures go to? and b) how could <em>serverA</em>, having only hashes and signatures, decide which message are missing and which are on <em>serverB</em>?<br> 131.1SchristosThus the messages are selected into two signature groups containing all signatures for messages to <em>serverA</em> and <em>serverB</em> respectively. Then every server has its own messages and its own signatures to verify them.</p> 141.1Schristos<p>There are three predefined and one custom signature groups:</p> 151.1Schristos<ol start="0"> 161.1Schristos <li>one global signature group, useful if all messages go to one central logserver anyway</li> 171.1Schristos <li>every syslog priority (=combination of facility and severity) gets its own group, i.e. 192 of them, useful if there are lots of different destinations which all receive messages with different priorities</li> 181.1Schristos <li>take the priorities and split them into intervals, useful to define bigger subsets, e.g. one signature group for the mail facility and two for everything else</li> 191.1Schristos <li>not defined and reserved for custom strategy. I use this to have one signature group for every configured destination. In this case the selector in syslog.conf will determine which messages go into one group; it is also the only strategy that allows a message to be in multiple groups.</li> 201.1Schristos</ol> 211.1Schristos<p>Every signature group has several attributes and only the combination of several values determines one signature group unambiguously. Currently the key to identify a signature group is the tuple (hostname, reboot session ID, SG value, SPRI value). <!-- In a later draft the program name or process ID might be added to allow multiple syslog-sign senders per host.--></p> 221.1Schristos 231.1Schristos<h2>Configuration/Activation</h2> 241.1Schristos<p>syslog-sign is enabled with the option "sign_sg" in syslog.conf. The value selects the signature group strategy, so for example the line "sign_sg=0" enables syslog-sign with one signature group.</p> 251.2Sandvar<p>The SG="2" strategy is the only one that might require additional configuration. When selected (with "sign_sg=2") the default is to use one signature group per facility (kernel, user, mail, ...). To allow custom configuration there is an additional option "sign_sg2_delim" to specify the numerical SPRI values, i.e. the boundaries between the signature groups.<br> 261.1SchristosExample: With "sign_sg2_delim = 15 31" syslogd will set up three signature groups: one for all priorities x ≤ 15 (kernel.*,user.*), one for priorities 15 < x ≤ 31 (mail.*), and one for all priorities x > 31.</p> 271.1Schristos 281.1Schristos<h2>Key, Signature, and Hash Types</h2> 291.1Schristos<p>The current internet draft defines two values for the VERsion field for using either SHA-1 or SHA-256 hashes. Both versions mandate DSA keys and signatures.<br> 301.1SchristosThere are several alternatives for sending the public key in the initial Certificate Block. If a X.509 certificate is available (for TLS connections) then syslogd will use key type 'C' (PKIX) and send the certificate in DER encoding. Otherwise it generates a new DSA key and uses key type 'K' (public key) to send the public key in DER encoding.</p> 311.1Schristos 321.1Schristos<h2>Redundancy</h2> 331.1Schristos<p>As mentioned above one design target of syslog-sign is the detection of lost messages, e.g. due to UDP datagram loss. So one has to take extra precaution to prevent lost signature messages and send them multiple times.<br> 341.1SchristosThis implementation sends the first Certificate block only on demand, just before the first Signature Block. After that it is resent <em>n</em> times with several seconds delay. The Signature Blocks are not repeated but use a sliding window so that every message hash is included in <em>m</em> sequential Signature Blocks.</p> 351.1Schristos 361.1Schristos<h2>Verification</h2> 371.1Schristos<p>Sending signatures is only half of the job, -- they have to be verified as well. I used Perl to write an <a href="verify-sign/verify.pl">offline verification</a> tool that reads a complete logfile and prints all messages in their correct order. See the example below for a sample usage and output.</p> 381.1Schristos 391.1Schristos<h2>Example</h2> 401.1Schristos<p>Here is an example of a signed message sequence. I let syslogd generate me a DSA key for a self-signed X.509 certificate and use that for signing. I also changed one message so you can see the resulting verification output below.</p> 411.1Schristos 421.1Schristos<pre> 431.1Schristos$ cat test.log 441.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg0 451.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg1 461.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg2 471.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg3 481.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg4 491.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg5 501.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg6 511.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg7 521.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg8 531.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg9 541.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg10 551.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg11 561.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - modified msg12 571.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg13 581.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg14 591.1Schristos<110>1 2008-08-02T01:09:27.773505+02:00 host.example.org syslogd - - [ssign-cert VER="0111" RSID="1217632162" SG="3" SPRI="0" TBPL="1059" INDEX="1" FLEN="1059" FRAG="2008-08-02T01:09:27.773464+02:00 C MIIC+jCCArmgAwIBAwIBATAJBgcqhkjOOAQDMCIxIDAeBgNVBAMTF2NvcmRlbGlhLm1zY2h1ZXR0ZS5uYW1lMB4XDTA4MDczMDIyMDYyMloXDTA5MDczMDIyMDYyMlowIjEgMB4GA1UEAxMXY29yZGVsaWEubXNjaHVldHRlLm5hbWUwggG3MIIBKwYHKoZIzjgEATCCAR4CgYEA92S335Kxy2TTMfdg9Vi/CJvyDCHMHpPYxWwEkEI26xEdKybzLghTfbG/RZw/nnFuhRTH4Xe6GVvlFi2zIzySSClXr+zyXg/D9uHyiVL5TEsu8uQT2IREmGOB8pu70FukL9nQGOr82YxuRFQzZ1p6KltIggivi5ffR4B33+1xoSkCFQDYe5GJKM9Cw6nkLngHkzFGRmcXIQKBgDbHeOLBKYLkRZyRpXd0aTNU2igcKTWyWlUTySJuv/iTAeB09p9WyTIPyAhtqN77CIwX8Ui2jGu6NYT6TWEYJVvL+C/TvddAvAMyefv+w+HPNF2L77IVrjNVRCneERoNKlWc6IzjKH3otl/Lh2D7NAWRid55vxF6Z0oO459+4vpRA4GFAAKBgQCzcJVR343IRntcQs8aENs/QMxoxHN6JVdpSLB9moY5/RC9ooxz32fkakSL0s8zLITLt/y+yzf0F/9JhmTC1XeD8gvPBesE6dc0ZzPCos0hg8WpKUWR0YqXFDOC//uBwIa94DncC8xZ0mCwavno6gtkz57S7ywSwnmrdjhmpdAZuqOBgDB+MBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkYXV0by1nZW5lcmF0ZWQgYnkgdGhlIE5ldEJTRCBzeXNsb2dkMCYGCWCGSAGG+EIBDAQZFhdjb3JkZWxpYS5tc2NodWV0dGUubmFtZTAMBgNVHRMBAf8EAjAAMAkGByqGSM44BAMDMAAwLQIUZcsHdrbuyx9lR3tyyeiJvClj0B8CFQC+5+NlulgCd/yoSlLPZgsTHYmCYA==" SIGN="MC0CFFEHx8UX391lbmhbisJNS0zLGD/WAhUAuMfCO0BWtARt2vEWHbM2mAe2k+o="] 601.1Schristos<110>1 2008-08-02T01:09:27.778347+02:00 host.example.org syslogd - - [ssign VER="0111" RSID="1217632162" SG="3" SPRI="0" GBC="1" FMN="1" CNT="15" HB="siUJM358eYFHOS2K0MTlveWeH/U= zTxfthW8WqmtFhOG4k/+ZxkirTA= j9dubU1GNVp7qWShwph/w32nD08= XQDLZ/NuwirmLdMORtm84r9kIW4= RNDFNCo7hiCsK/EKumsPBbFHNZA= ANiE3KbY948J6cEB640fAtWXuO4= e2M/OqjHDfxLVUSPt1CsNJHm9wU= Y+racQst7F1gR8eEUh8O7o+M53s= JAMULRxjMPbOO5EhhKbsUkAwbl0= pd+N5kmlnyQ0BoItELd/KWQrcMg= dsMQSzPHIS6S3Vaa23/t7U8JAJ4= i4rE3x7N4qyQGTkmaWHsWDFP9SY= qgTqV4EgfUFd3uZXNPvJ25erzBI= XW0YrME5kQEh+fxhg1fetnWxfIc= 7YPcRHsDwXWnQuGRWaJtFWw9hus=" SIGN="MCwCFF5hS5GTLxLDwsDCUmOnHhzkmWzbAhRJ0io+LBKM6Ux/cM7eqZ6eRAI11Q=="] 611.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg15 621.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg16 631.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg17 641.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg18 651.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg19 661.1Schristos<110>1 2008-08-02T01:09:32.399406+02:00 host.example.org syslogd - - [ssign VER="0111" RSID="1217632162" SG="3" SPRI="0" GBC="4" FMN="1" CNT="20" HB="siUJM358eYFHOS2K0MTlveWeH/U= zTxfthW8WqmtFhOG4k/+ZxkirTA= j9dubU1GNVp7qWShwph/w32nD08= XQDLZ/NuwirmLdMORtm84r9kIW4= RNDFNCo7hiCsK/EKumsPBbFHNZA= ANiE3KbY948J6cEB640fAtWXuO4= e2M/OqjHDfxLVUSPt1CsNJHm9wU= Y+racQst7F1gR8eEUh8O7o+M53s= JAMULRxjMPbOO5EhhKbsUkAwbl0= pd+N5kmlnyQ0BoItELd/KWQrcMg= dsMQSzPHIS6S3Vaa23/t7U8JAJ4= i4rE3x7N4qyQGTkmaWHsWDFP9SY= qgTqV4EgfUFd3uZXNPvJ25erzBI= XW0YrME5kQEh+fxhg1fetnWxfIc= 7YPcRHsDwXWnQuGRWaJtFWw9hus= PIvLm0mh+he5+PDihG1p7sQlx8k= lPzUvx0I1VwSGWV7yKF9W//Yb2U= X+PWYcx5AXnsDVSNAHLZUGk5ioY= okXY88MGG4QybrYMf8HJN23WO1Y= HcaPyHfQ2s1SuSciTKw4woYWuMg=" SIGN="MCwCFFr0i6taT1vWowR7yc5bEQxFfY7/AhQBCK+rBNPgzR0vUgxPeARvD24kIQ=="] 671.1Schristos</pre> 681.1Schristos<p>Just in case you wonder about the different timestamps: The messages were send with a normal syslog(3), so the syslogd received them in BSD Syslog format without subsecond resolution.</p> 691.1Schristos<hr> 701.1Schristos<pre> 711.1Schristos$ perl verify.pl --help 721.1Schristos 731.1Schristossyslog-sign verifier 741.1Schristosreads logfile and verifies message signatures 751.1Schristos 761.1SchristosNotes: 771.1Schristos- By default uses only SHA-1 hashes. Use option "--sha256" to use only 781.1Schristos SHA-256 and "--sha1 --sha256"to use both types. 791.1Schristos- Some status messages are printed to stderr. 801.1Schristos Use option "--quiet" to disable them. 811.1Schristos- All verified messages are printed with their identifying signature group. 821.1Schristos Every line starts with a comma-separated tuple: hostname, reboot session ID, 831.1Schristos SG value, SPRI value, and message number. 841.1Schristos- If only one hash is used then all messages not signed are printed as well. 851.1Schristos 861.1SchristosLimitations: handles only key types 'C' (PKIX) and 'K' (public key) 871.1Schristos with DSA keys and signatures 881.1Schristos 891.1SchristosCommand Line Options: 901.1Schristos -i --in input file (default: stdin) 911.1Schristos -o --out output file for verified messages (default: stdout) 921.1Schristos -u --unsigned output file for unsigned messages (default: stdout) 931.1Schristos --sha1 use SHA-1 hashes (default) 941.1Schristos --sha256 use SHA-256 hashes 951.1Schristos -v --verbose shows some internals (every CB,SB,hash,...) 961.1Schristos -q --quiet no status messages to stderr 971.1Schristos -h --help this help 981.1Schristos 991.1Schristos$ perl verify.pl -i test.log 1001.1Schristosreading input... 1011.1Schristosprocessing CBs... 1021.1Schristosdecoding SGs... 1031.1Schristosgot PKIX DSA key 1041.1Schristosverifying CBs... 1051.1Schristosverified CB and got key for SG: (host.example.org,1217632162,0111,3,0), start: 2008-08-02T01:09:27.773464+02:00 1061.1Schristosnow process SBs 1071.1Schristossigned messages: 1081.1Schristoshost.example.org,1217632162,0111,3,0,1 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg0 1091.1Schristoshost.example.org,1217632162,0111,3,0,2 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg1 1101.1Schristoshost.example.org,1217632162,0111,3,0,3 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg2 1111.1Schristoshost.example.org,1217632162,0111,3,0,4 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg3 1121.1Schristoshost.example.org,1217632162,0111,3,0,5 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg4 1131.1Schristoshost.example.org,1217632162,0111,3,0,6 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg5 1141.1Schristoshost.example.org,1217632162,0111,3,0,7 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg6 1151.1Schristoshost.example.org,1217632162,0111,3,0,8 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg7 1161.1Schristoshost.example.org,1217632162,0111,3,0,9 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg8 1171.1Schristoshost.example.org,1217632162,0111,3,0,10 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg9 1181.1Schristoshost.example.org,1217632162,0111,3,0,11 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg10 1191.1Schristoshost.example.org,1217632162,0111,3,0,12 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg11 1201.1Schristoshost.example.org,1217632162,0111,3,0,13 **** msg lost 1211.1Schristoshost.example.org,1217632162,0111,3,0,14 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg13 1221.1Schristoshost.example.org,1217632162,0111,3,0,15 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg14 1231.1Schristoshost.example.org,1217632162,0111,3,0,16 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg15 1241.1Schristoshost.example.org,1217632162,0111,3,0,17 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg16 1251.1Schristoshost.example.org,1217632162,0111,3,0,18 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg17 1261.1Schristoshost.example.org,1217632162,0111,3,0,19 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg18 1271.1Schristoshost.example.org,1217632162,0111,3,0,20 <15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - msg19 1281.1Schristosmessages without signature: 1291.1Schristos<15>1 2008-08-02T02:09:27+02:00 host.example.org test 6255 - - modified msg12 1301.1Schristos</pre> 1311.1Schristos 1321.1Schristos<hr> 1331.1Schristos<table border=0> 1341.1Schristos<tr> 1351.1Schristos<td> 1361.1Schristos<a href="http://sourceforge.net"><img align="top" src="http://sourceforge.net/sflogo.php?group_id=141771&type=2" width="125" height="37" border="0" alt="SourceForge.net Logo"></a> 1371.1Schristos<td> 1381.1Schristos <table> 1391.1Schristos <tr> <td> Martin Schütte <<tt>info@mschuette.name</tt>> </td> </tr> 1401.2Sandvar <tr> <td> $Id: sign.html,v 1.2 2023/05/01 11:57:53 andvar Exp $ </td> </tr> 1411.1Schristos </table> 1421.1Schristos</tr> 1431.1Schristos</table> 1441.1Schristos 1451.1Schristos</body> 1461.1Schristos</html> 147