Re: replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Oct 10, 2012 at 5:05 PM, Miloslav Trmač <mitr@xxxxxxxx> wrote:
> On Tue, Oct 9, 2012 at 11:24 PM, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:

>> which syslog does not: for example per-service rate limits,
>
> False.  http://www.rsyslog.com/doc/imuxsock.html, "There is input rate
> limiting available", currently enabled by default in Fedora.

Insufficient in rsyslog. And it's right what Lennart said. This really
needs to be per service/user not per pid. Pids are almost entirely
useless to key-off here.

>> and
>> unfakable meta-data for log messages.
>
> False: http://www.rsyslog.com/doc/imuxsock.html, "trusted syslog
> properties are available" (and in v7 they can be enabled in the Fedora
> configuration by default)

It's well meant, but really, it sounds more like a joke. Adding
"garbage" to the end of the human readable plain text is not
comparable with the journal.

> On Wed, Oct 10, 2012 at 12:08 AM, Lennart Poettering
> <mzerqung@xxxxxxxxxxx> wrote:
>> I am not a security guy, but having
>> logs where unprivileged users cannot insert undetectable fakes
> (Re: the implied claim that systemd provides that):

It surely does provide it. Rsyslog can do something similar, but
really, with pushing stuff into plain text files, mixing it into the
human readable message it can't really get too far without creating a
mess in the files.

> For the "unprivileged user" part, see above.
>
> For the cryptographic protection, false.

It's not about tamper-proof log files, it was about unfakeable message
source context.

> http://cgit.freedesktop.org/systemd/systemd/tree/man/journalctl.xml#n358
> defaults to 15 minutes, which is an eternity.

The sealing was not even mentioned, but it's still better than
nothing. And 15 min are the current default, and this will change as
soon as the details are hashed out to efficiently move the sealing
forward in time.

> [1] An adjective belongs here.  I can think of about 10 candidates,
> but I feel too ill and grumpy to trust myself to choose well.

I'm sure you should wait until you are back to full speed. You
comparision seem pretty bad researched. :)

Thanks,
Kay
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux