Mailing List Archive

Tamper-evident solutions
Hi, all:

I found information about the KSI signature provider option interesting,
but my repeated attempts to request "tryout blockchain developer"
credentials have gone without any response from Guardtime.

1. How actively maintained is this solution?
2. Are there any other options to provide tamper-evident log storage for
a centralized rsyslog server? I am aware of some S3 Glacier backed
setups, but they are not quite what I'm looking for, because there is a
period of time that records can be modified before they are migrated to
immutable storage.

Best,
-K
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Tamper-evident solutions [ In reply to ]
you can put things directly into glacier

what version are you looking at? I seem to remember that we had one key signing
vendor disappear on us, but that there was a new one that showed up.

This module was contributed, and so the rsyslog team only keeps it running as
the core changes.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: Tamper-evident solutions [ In reply to ]
On Mon, Jul 29, 2019 at 04:43:44PM -0700, David Lang wrote:
>you can put things directly into glacier

Can you describe what you mean in more detail? My understanding is that
there is no way to have something like append-only files. The closest I
can come to this is by rotating output files hourly and moving them to
glacier after that. This still gives attackers a 60-minute window to
remove any intrusion records, but it's certainly a much cheaper option
than using something like Netapp's snaplock functionality.

>what version are you looking at? I seem to remember that we had one key
>signing vendor disappear on us, but that there was a new one that
>showed up.
>
>This module was contributed, and so the rsyslog team only keeps it
>running as the core changes.

Okay, I suspected as much.

Best,
-K
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.