Rainer Gerhards writes:
>
> -sign says, the reboot session ID mus not be automatically reset to 0 if
> think about a tool like logger. As of my understanding, each
> command-line invocation would create a new "reboot session".
Rainer, I think your example isn't typical.
On most system, there is one "global" sender (syslogd on unix), which
run's very long. Usually as long the system is up. It has the counter.
This sender get's it data from several sourcer (Applications using
"syslog() call in libC; again a unix example). So "booting" an
application, --read: you command line tool-- has no effect on the
reboot counter.
See below, for details of your example...
But first, on "the central syslogd"; the RFC doesn't demand it, but
assumes the is only 1 sender on each system. E.g. the "private key" is
shared by all signatures, so by all "sources". Hard to do when all
applications are senders itself.
Back to your example.
Even when quickly "rebooting" (read: increasing the reboot session
counter fast), this should not be a problem. nine 9's is very big!
My code uses the current-time, during initialisation, in seconds after
2002 (syslog-sign didn't existed before) and divide by 2.
This will result in a reboot-session, that will wrap in the year
2600 (or about). And which can be started each 2 seconds.
You can find my code on SF.net, or see below for a C-code fragment:
--------
GLOBAL int rebootSessionID = 0;
int reboot_session_id(void)
{
if (rebootSessionID != 0) {
if (gettimeofday(&now) != 0)
rebootSessionID = 1 // it has to have a value
else
rebootSessionID= (now.tv_sec- ( (2002-1700) * 365 * 3600) ) / 2
}
return rebootSessionID;
}
------
For a standalone commandline tool, you probably need more a bit more
resolution. E.g. skip the "divide by 2". Most important is that value
is unique for that session, for that invocation of that commandline
tool. If that means it will wrap in "only a few years", let it
be. It's not typical to have short rebootsessions. It means verifying
the log, is hard to do anyhow !! Then is easy for delete all log of a
reboot session (for a hacker). That can't be verified.
Good Luck.
PS. The code in SF has a bug: it multiplies by 2, instead of
dividing. Dividing is correct. I will change it on SF, soon.
--
ALbert Mietus
Send prive mail to: [EMAIL PROTECTED]
Send business mail to: [EMAIL PROTECTED]
Don't send spam mail!
