PEOCHK(8) FreeBSD System Manager's Manual PEOCHK(8)

peochk
Initial key generator and integrity log file checker

peochk [-f logfile] [-g] [-h] [-i key0file] [-k keyfile] [-l] [-m hash_method] [-q] [logfile]

peochk generates the initial key file and checks log files generated by syslogd(8) using the peo output module om_peo(8). The options are as follows:
-f logfile
Specify the pathname of a log file; if logfile is not specified using this option, data is read from standard input and the pathname is used only to generate reports and/or to obtain the key file pathnames when the -k and/or -i options are not specified; the default is /var/log/messages.
-g
Generates two key files containing an initial key: one in binary form (keyfile, to be used by the peo output module) and the other in ASCII form (key0file). The administrator should store the latter in a secure place and remove it from the specified path (see the -i and -k options). When this option is not specified, peochk runs in check mode.
-h
Displays a short help message.
-i key0file
Specify the initial key pathname; the default is the keyfile pathname with a "0" character appended (see the -k option).
-k keyfile
Specify the key pathname (this file is used by the peo output module to generate a hash key from the last logged message); the default is /var/ssyslogd/xxx.key where xxx is logfile (specified with the -f option or without it) with all '/' replaced by '.'.
-l
Used only in check mode to detect the first corrupted line; it is ignored when specified with the -g option.
-m hash_method
Specifies the hash method used to generate the keys; hash_method should be one of md5, sha1, or rmd160; the default is sha1.
-q
Quiet mode; prints '0' on stdout when logfile is not corrupted, and '1' or the line number (see the -l option) when logfile is corrupted.

If you want to protect the /var/log/authlog file you can:
  1. Run the command:

    peochk -g -f /var/log/authlog -i authkey0 -m rmd160

    This generates the /var/ssyslog/.var.log.authlog.key file with the initial key in binary form and the ./authkey0 file with that key translated to ASCII; the hash method used to generate the key is rmd160. You should memorize the contents of the ./authkey0 file and rm(1) it.

  2. Edit the syslog.conf(5) file and enable the peo output module with something like this:

    auth.info %classic /var/log/authlog %peo -m rmd160 -l -k /var/ssyslog/.var.log.authlog.key

  3. Inform syslogd(8) of the changes to syslog.conf(5):

    kill -HUP `cat /var/run/syslog.pid`

  4. When you believe that someone has owned your machine, you can run:

    peochk -m rmd160 -f /var/log/authlog -i mykey

    The contents of mykey should be the same as the ./authkey0 file generated in step 1. The command above verifies whether or not the file was corrupted. It is important not to forget the -m option, because the default is sha1 and the key was generated using rmd160.
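
The following added example is not part of the original manual page or of the project's code. It is a simplified Python model of the idea behind the -k and -l descriptions and step 4: a key that evolves with every logged message, checked later from the initial key. The concatenation order, the per-line tag derivation, the function names and the sample data are assumptions for illustration and do not reproduce the file formats of peochk or om_peo.

```python
import hashlib
import hmac

def _h(method: str, *parts: bytes) -> bytes:
    return hashlib.new(method, b"".join(parts)).digest()

def log_lines(key0: bytes, lines, method: str = "sha1"):
    """Logger side (stands in for the peo module).

    Returns (current_key, tags). current_key models the binary keyfile;
    tags model the extra per-line data kept when -l is enabled.
    """
    key, tags = key0, []
    for line in lines:
        tags.append(_h(method, b"tag", key, line))  # one-way, does not expose key
        key = _h(method, key, line)                 # previous key is discarded
    return key, tags

def check(key0: bytes, lines, current_key: bytes, tags=None, method: str = "sha1") -> int:
    """Checker side (stands in for peochk check mode).

    Returns 0 when intact. When corrupted: 1 without tags, or the
    1-based number of the first bad (or first missing) line with tags.
    """
    key = key0
    for n, line in enumerate(lines, start=1):
        if tags is not None:
            expected = tags[n - 1] if n <= len(tags) else b""
            if not hmac.compare_digest(expected, _h(method, b"tag", key, line)):
                return n
        key = _h(method, key, line)
    if hmac.compare_digest(key, current_key):
        return 0
    return len(lines) + 1 if tags is not None else 1

# Constructed sample data, not taken from a real system.
KEY0 = hashlib.sha1(b"constructed initial key").digest()
LINES = [
    b"May 10 10:00:01 host sshd[311]: Accepted password for alice",
    b"May 10 10:02:17 host su: alice to root on /dev/ttyp0",
    b"May 10 10:05:40 host sshd[340]: Failed password for root",
]

if __name__ == "__main__":
    keyfile, tags = log_lines(KEY0, LINES)
    edited = [LINES[0], b"May 10 10:02:17 host su: bob to root on /dev/ttyp0", LINES[2]]
    print(check(KEY0, LINES, keyfile))         # untouched log
    print(check(KEY0, edited, keyfile))        # edited, no per-line data
    print(check(KEY0, edited, keyfile, tags))  # edited, with per-line data
```

In this model, anyone holding only the current key cannot recompute earlier keys, which is why the initial key has to be kept off the machine; checking with a different hash method than the one used for logging reports corruption even on an untouched log.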

syslog.conf(5), om_peo(8), syslogd(8)

Submit bugs to this project's Sourceforge bug reporting system at: http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117 You may also report them directly to the authors: send an email to core.devel.alat@corest.com describing the problem in as much detail as you can, and include the machine description, hardware description, the configuration file (/usr/local/etc/syslog.conf), the OS description, and the invoking command line. The more you describe the bug, the faster we can fix it.
May 10, 2000 Core-SDI
