On Wed, Oct 10, 2012 at 5:05 PM, Miloslav Trmač <m...@volny.cz> wrote: > On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering <mzerq...@0pointer.de> > wrote:
>> which syslog does not: for example per-service rate limits, > > False. http://www.rsyslog.com/doc/imuxsock.html, "There is input rate > limiting available", currently enabled by default in Fedora. Insufficient in rsyslog. And it's right what Lennart said. This really needs to be per service/user not per pid. Pids are almost entirely useless to key-off here. >> and >> unfakable meta-data for log messages. > > False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog > properties are available" (and in v7 they can be enabled in the Fedora > configuration by default) It's well meant, but really, it sounds more like a joke. Adding "garbage" to the end of the human readable plain text is not comparable with the journal. > On Wed, Oct 10, 2012 at 12:08 AM, Lennart Poettering > <mzerq...@0pointer.de> wrote: >> I am not a security guy, but having >> logs where unprivileged users cannot insert undetectable fakes > (Re: the implied claim that systemd provides that): It surely does provide it. Rsyslog can do something similar, but really, with pushing stuff into plain text files, mixing it into the human readable message it can't really get too far without creating a mess in the files. > For the "unprivileged user" part, see above. > > For the cryptographic protection, false. It's not about tamper-proof log files, it was about unfakeable message source context. > http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358 > defaults to 15 minutes, which is an eternity. The sealing was not even mentioned, but it's still better than nothing. And 15 min are the current default, and this will change as soon as the details are hashed out to efficiently move the sealing forward in time. > [1] An adjective belongs here. I can think of about 10 candidates, > but I feel too ill and grumpy to trust myself to choose well. I'm sure you should wait until you are back to full speed. You comparision seem pretty bad researched. :) Thanks, Kay -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
