Re: aide and tiger sending gpg crypted files
On Thu, Jun 06, 2002 at 08:28:24PM +0200, Thomas Schmid wrote:
> Hi,
>
> So, I set up my server with aide and tiger to check its integrity. The
> reports are mailed to root, which is redirected to another local address
> and to a second address on another server. My question is now: is it
> possible to let the mails be pgp encrypted with gnupg so I can check if
> the mails really are from my server and that no one intercepted and changed
> them? I could neither find something on the web nor in the mailing list
> archive of aide.

Well, I never thought of doing this in tiger, but as the answers to this mail show, you would need a private key available in the server (and this private key could thus be compromised). If you are worried about the messages being intercepted in transit I would suggest, as others have also done:

1.- encrypting the mail. In tiger's case mails are sent by /usr/lib/tiger/tigercron; change line 226:

    } | $MAILER $Tiger_Mail_RCPT

to

    } | gpg -e -a | $MAILER $Tiger_Mail_RCPT

I might add a new option to tiger so that you can select in the config file if you wish this to be done... feel free to file a wishlist bug against the package so I don't forget :)

2.- establish a VPN tunnel from the HIDS to the mailserver

Signing the mail just would let you know that it was a valid HIDS that sent it and that the mail wasn't tampered with in transit, which might, or might not, be enough for your purposes.

I would suggest 2) if you are sending more stuff (syslog, aide, logcheck...) that might either send mails or contact the main server, since you do not have to change program by program in order to encrypt the data they send. However, this does not assure you that an intruder is not sending forged mails (which would be easy to do if the passphrase is empty and you are using 1), since he could get to the private keypair if the server was compromised).

Regards

Javi

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: aide and tiger sending gpg crypted files
On Thursday 06 June 2002 at 20:28:24 +0200, Thomas Schmid wrote:
> Hi,
>
> So, I set up my server with aide and tiger to check its integrity. The
> reports are mailed to root, which is redirected to another local address
> and to a second address on another server. My question is now: is it
> possible to let the mails be pgp encrypted with gnupg so I can check if
> the mails really are from my server and that no one intercepted and changed
> them? I could neither find something on the web nor in the mailing list
> archive of aide.

If you want to be sure of the origin of your mail, you must sign it, not encrypt it! Encryption is made with the public key of the receiver and everybody can do it. Signature is made with the private key, which must stay private to your server. If you want to use it in a shell script, there must be no passphrase, so if your server is compromised, the key is also compromised and the message cannot be trusted any longer. Such a protection only protects the message during its travel between your server and you.

--
Loïc
"heaven is not a place, it's a feeling"
Re: aide and tiger sending gpg crypted files
On Fri, Jun 07, 2002 at 11:23:52AM +0900, Oohara Yuuma wrote:
> On Thu, 6 Jun 2002 20:28:24 +0200 (MEST),
> Thomas Schmid <[EMAIL PROTECTED]> wrote:
> > So, I set up my server with aide and tiger to check its integrity. The
> > reports are mailed to root, which is redirected to another local address
> > and to a second address on another server. My question is now: is it
> > possible to let the mails be pgp encrypted with gnupg
> I don't know either aide or tiger, but if there is a cron job like
>     aide | mail
> then changing it to
>     aide | gpg -e -a | mail
> may work.

I wrote something similar to send GnuPG encrypted & signed email from a shell script: http://karl.jorgensen.com/smash/

Its purpose is quite different (and not very well tested ATM) from what you want, but you may be able to use the code inside it. It works well when reading the mails it sends with mutt; haven't tried other GnuPG-enabled mail clients.

> > so I can check if
> > the mails really are from my server and that no one intercepted and changed
> > them?
> You may need a dedicated keypair for it because anyone who has
> a copy of your public key can encrypt a fake report, intercept
> the real report and replace it.

In order to send signed emails unattended, the signing key cannot have a passphrase. So I suggest using a special key just for that purpose (and not uploading it to any key servers).

HTH

--
Karl E. Jørgensen
[EMAIL PROTECTED]
www.karl.jorgensen.com
Today's fortune:
> Linux is not user-friendly.
It _is_ user-friendly. It is not ignorant-friendly and idiot-friendly.
-- Seen somewhere on the net
Re: aide and tiger sending gpg crypted files
On Thu, 6 Jun 2002 20:28:24 +0200 (MEST),
Thomas Schmid <[EMAIL PROTECTED]> wrote:
> So, I set up my server with aide and tiger to check its integrity. The
> reports are mailed to root, which is redirected to another local address
> and to a second address on another server. My question is now: is it
> possible to let the mails be pgp encrypted with gnupg

I don't know either aide or tiger, but if there is a cron job like

    aide | mail

then changing it to

    aide | gpg -e -a | mail

may work.

> so I can check if
> the mails really are from my server and that no one intercepted and changed
> them?

You may need a dedicated keypair for it because anyone who has a copy of your public key can encrypt a fake report, intercept the real report and replace it.

--
Oohara Yuuma <[EMAIL PROTECTED]>
Debian developer
PGP key (key ID F464A695) http://www.interq.or.jp/libra/oohara/pub-key.txt
Key fingerprint = 6142 8D07 9C5B 159B C170 1F4A 40D6 F42E F464 A695
I always put away what I take.
--- Ryuji Akai, "Star away"
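The three replies together describe one design: Javi's tigercron pipeline pipes the report through gpg, Loïc points out that only a signature proves origin, and Oohara and Karl add that the key should be a dedicated, passphrase-less one kept off the key servers. The following shell functions, added here as an example and not code from tiger, aide or any poster in this thread, show the sending and receiving halves of that design. Everything named in it is an assumption: the keyring directory HIDS_GPG_HOME, the user IDs HIDS_SIGNING_KEY and REPORT_RECIPIENT_KEY, and the function names. The `--batch`, `--no-tty` and explicit `--recipient` flags are what a bare `gpg -e -a` lacks when it runs from cron with no terminal to answer prompts.

```shell
#!/bin/sh
# Added example, not tiger's own code: sign-and-encrypt a HIDS report on the
# sending host and verify it on the receiving host with GnuPG.
# All paths, key user IDs and variable names below are assumptions.

# Dedicated keyring for the HIDS, readable by root only. It holds just the
# HIDS signing key (no passphrase, so cron can use it unattended) and the
# administrator's public key; keep it separate from root's personal keyring.
HIDS_GPG_HOME="${HIDS_GPG_HOME:-/var/lib/tiger/gnupg}"
HIDS_SIGNING_KEY="${HIDS_SIGNING_KEY:-hids@example.invalid}"           # placeholder user ID
REPORT_RECIPIENT_KEY="${REPORT_RECIPIENT_KEY:-admin@example.invalid}"  # placeholder user ID

# Sending side: read the report on stdin and write an ASCII-armoured message
# on stdout that is signed with the HIDS key and encrypted to the recipient.
# --batch/--no-tty: never prompt, there is no terminal under cron.
# --recipient: a bare "gpg -e" would ask for one interactively.
# --trust-model always: the keyring is curated by hand, so no web of trust.
protect_report() {
    gpg --batch --no-tty --quiet \
        --homedir "$HIDS_GPG_HOME" \
        --trust-model always \
        --local-user "$HIDS_SIGNING_KEY" \
        --recipient "$REPORT_RECIPIENT_KEY" \
        --sign --encrypt --armor
}

# Receiving side: decrypt the message on stdin to stdout and return 0 only if
# GnuPG reported a GOODSIG from the HIDS user ID on its status fd. A message
# that merely decrypts (anyone holding the recipient's public key can make
# one) is rejected, so an encrypted-but-unsigned forgery does not pass.
verify_report() {
    status_file=$(mktemp) || return 1
    if gpg --batch --no-tty --quiet \
           --homedir "$HIDS_GPG_HOME" \
           --trust-model always \
           --status-fd 3 --decrypt 3>"$status_file" \
       && grep '^\[GNUPG:\] GOODSIG ' "$status_file" | grep -qF -- "$HIDS_SIGNING_KEY"; then
        rm -f "$status_file"
        return 0
    fi
    rm -f "$status_file"
    return 1
}

# With these functions sourced, the tigercron mail line from Javi's reply
# would become:
#     } | protect_report | $MAILER $Tiger_Mail_RCPT
```

On the receiving side, run `verify_report` on the saved message and act only on a zero exit status; a non-zero status means the report was either not signed by the HIDS key or was altered in transit. This does not change Javi's last point: once the host is compromised, the passphrase-less key is in the intruder's hands, so the dedicated key should be easy to revoke and replace and, as Karl says, never uploaded to a key server.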