journald: Forward secure sealing



roidal
21st July 2013, 12:33 PM
Hi guys!

Today I activated the forward secure sealing function of journald on my Fedora 18:

#generate keys
journalctl --interval=30s --setup-keys

and then activated the sealing in the /etc/systemd/journald.conf file.

The strange thing is that

journalctl --verify --verify-key=$my_key

succeeds every time even if I use a wrong key.

Any ideas?

george_toolan
21st July 2013, 03:47 PM
and then activated the sealing in the /etc/systemd/journald.conf file.

So how exactly did you "enable" it?


Seal=

Takes a boolean value. If enabled (the default), and a sealing key is available (as created by journalctl(1)'s --setup-keys command), forward secure sealing (FSS) for all persistent journal files is enabled. FSS is based on Seekable Sequential Key Generators by G. A. Marson and B. Poettering and may be used to protect journal files from unnoticed alteration.


succeeds every time even if I use a wrong key.

Maybe the file wasn't generated with FSS enabled or you have to restart the little bugger for the changes to take effect?


--verify

Check the journal file for internal consistency. If the file has been generated with FSS enabled and the FSS verification key has been specified with --verify-key=, authenticity of the journal file is verified.

roidal
21st July 2013, 06:48 PM
Maybe the file wasn't generated with FSS enabled or you have to restart the little bugger for the changes to take effect?


That was a good hint, a new log-file is needed to activate sealing.

But now I have the problem that the verification fails every time... :doh:
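
The thread's finding is that a journal file created before sealing was enabled is only checked for internal consistency. One way to spot such files before trusting a passing `--verify` is to look for the SEALED flag in `journalctl --header` output. This is an added example, not part of the original posts: the header text below is constructed, and the field names ("File Path:", "Compatible Flags:") are an assumption about journalctl's header layout that may differ by version.

```shell
#!/bin/sh
# Added example: report which journal files carry the SEALED flag.

# sealed_report: reads `journalctl --header` text on stdin and prints one line
# per journal file: "<path> sealed" or "<path> unsealed".
# Field names are matched case-insensitively (assumed layout, see lead-in).
sealed_report() {
    awk '
        function emit() { if (path != "") print path, (sealed ? "sealed" : "unsealed") }
        tolower($0) ~ /^file path:/ {
            emit()                               # finish the previous file
            path = $0
            sub(/^[^:]*:[ \t]*/, "", path)       # keep only the path
            sealed = 0
        }
        # "Incompatible Flags:" does not match because of the ^ anchor.
        tolower($0) ~ /^compatible flags:/ && /SEALED/ { sealed = 1 }
        END { emit() }
    '
}

# count_unsealed: number of files in the header text without the SEALED flag.
count_unsealed() {
    sealed_report | awk '/ unsealed$/ { n++ } END { print n + 0 }'
}

# Constructed sample: one archived file written before a sealing key existed,
# and the current file written after it. MACHINE-ID is a placeholder.
sample_header() {
cat <<'EOF'
File Path: /var/log/journal/MACHINE-ID/system@0001.journal
State: ARCHIVED
Compatible Flags:
Incompatible Flags: COMPRESSED

File Path: /var/log/journal/MACHINE-ID/system.journal
State: ONLINE
Compatible Flags: SEALED
Incompatible Flags: COMPRESSED
EOF
}

# Demo on the constructed sample; on a real host use:
#   journalctl --header | sealed_report
sample_header | sealed_report
```

Files reported as unsealed were created without FSS, so a successful `journalctl --verify --verify-key=...` on them says nothing about authenticity.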