Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
02-14-2004, 07:08 AM
|
#1
|
Member
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96
Rep:
|
A journey of frustration, secure logging. [rant]
Secure logging.
Logging from ONE MACHINE, through ONE SWITCH back up a CABLE TO ANOTHER MACHINE PHYSICALLY SITUATED RIGHT NEXT TO THE OTHER.
Simple?
PROVE IT.
I have spent six weeks now, just trying to do remote logging in real-time but NOT IN CLEARTEXT.
This cannot be done.
I have tried:
1. Stunnel. Could not encrypt UDP so...
2. Syslog-ng. Would not compile, any questions answered with blissful silence.
3. SSH and Netcat. Did not work, absolutely nothing happened, and I know how to use both programs.
4. IPSec. Tried FreeSwan, Super FreeSwan and OpenSwan. Have now compiled a record of two kernels a DAY on TWO machines, tried every configuration under the sun. Come to the conclusion that everyone else on the openswan mailing list finds it way too difficult to configure.
Anything else I have missed? I WILL not send my logs in cleartext over my network, so this means I will not send my logs anywhere. I wouldn't be so furious if I was using some obscure broken linux but I am using a relatively clean Slackware 9.1 install with a 2.6.1 kernel.
mark
|
|
|
02-14-2004, 03:16 PM
|
#2
|
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
|
Well you already tried the two things I was going to recommend (syslog-ng and use TCP so you could tunnel it with stunnel or SSH), and IPSec tunnel between the machines. I'm not aware of any other way that it's possible to do it in real-time and encrypted.
Obviously, a lot of people have successfully set up syslog-ng and IPSec, so is it possible that there are "issues" with your distro, or that you just did not follow instructions correctly?
|
|
|
02-14-2004, 03:57 PM
|
#3
|
Member
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96
Original Poster
Rep:
|
That's what frustrates me. I'm not blindly angry like I was earlier.
When I have a program I've never used before, I follow the documentation to the letter. The results of my application therefore rely entirely on the documentation.
I know that there's nothing wrong with my distro, as it was a minimal install of Slackware and I am meticulous (read obsessive) about keeping my machines in 100% working order.
I remember actually, I DID get syslog-ng to compile, but couldn't find any documentation that didn't assume you already knew everything about the program and had been using it for several years. All I want is to duplicate exactly my standard syslog setup, nothing more, (except I want it TCP instead of UDP).
According to the mailing list, google and other linux forums (I believe I'd given up before I asked here), nobody in the world knows how to use this program. I find this very hard to believe.
Passed the day with some therapeutic noise-core.
mark
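The approach named in post #2 (syslog-ng sending over TCP, with stunnel wrapping that TCP stream in TLS), sketched as an added example that is not from any poster in this thread. The host name `loghost.example`, ports 5140 and 6514, and all file paths are assumptions; each `----` header marks a separate file on the named machine.

```conf
# ---- client: /etc/syslog-ng/syslog-ng.conf (additions) ----
# Local inputs, the same ones the stock syslogd reads.
source s_local { unix-stream("/dev/log"); internal(); };
# Send to the local stunnel listener over TCP, never straight to the network.
destination d_tunnel { tcp("127.0.0.1" port(5140)); };
log { source(s_local); destination(d_tunnel); };

# ---- client: /etc/stunnel/stunnel.conf ----
client = yes
; Trust only the log host's certificate, so the client refuses an impostor.
CAfile = /etc/stunnel/loghost-cert.pem
verify = 2
[syslog]
accept = 127.0.0.1:5140
connect = loghost.example:6514

# ---- log host: /etc/stunnel/stunnel.conf ----
; Certificate and private key presented to connecting clients.
cert = /etc/stunnel/loghost.pem
[syslog]
accept = 6514
connect = 127.0.0.1:5140

# ---- log host: /etc/syslog-ng/syslog-ng.conf (additions) ----
# Every connection arrives from stunnel on loopback, so keep the
# hostname carried inside each message instead of the peer address.
options { keep_hostname(yes); };
# Bind to loopback only, so nothing can reach the collector around the tunnel.
source s_tunnel { tcp(ip("127.0.0.1") port(5140)); };
destination d_remote { file("/var/log/remote.log"); };
log { source(s_tunnel); destination(d_remote); };
```

Existing local `file()` destinations stay as they are; only the log host's port 6514 needs to be reachable through the firewall.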
|
|
|
All times are GMT -5. The time now is 04:56 PM.