Systemd to secure system log information against attacks
Systemd can now secure log information on system processes stored in its journal, using a procedure known as Forward Secure Sealing (FSS). This prevents attackers who have obtained administrator privileges from clearing traces of their activity from the journal without deleting it in its entirety. A verification key is used to secure the data and, to prevent modification, it has to be stored externally. Instead of writing the key down, users can optionally save it to a smartphone via a QR code.
Systemd developer Lennart Poettering provides some background information on the new feature in a posting on Google+. In it he explains that, where an external log server would traditionally be used to prevent attackers from covering their tracks, the new feature represents a simple alternative that doesn't require any external infrastructure. Fedora 18, due for release in early November, will include this optional systemd feature.
Poettering notes that FSS is based on "Forward Secure Pseudo Random Generators" by his brother Bertram Poettering, a cryptography post-doctorate and researcher at Royal Holloway, University of London; the FSPRG paper is due to be published shortly.
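The sealing idea described above, as an added example (not systemd's code and not the FSPRG construction from the paper): a simplified hash ratchet in which the host keeps only the current sealing key while the verification key stays off the host. All names, the key and the log lines are constructed for illustration.

```python
import hashlib, hmac

def evolve(key: bytes) -> bytes:
    # One-way ratchet: derives the next epoch's key; the previous key
    # cannot be recovered from the result.
    return hashlib.sha256(b"evolve" + key).digest()

def seal(key: bytes, entries: list, prev_tag: bytes) -> bytes:
    # MAC over one epoch's entries, chained to the previous epoch's seal.
    mac = hmac.new(key, prev_tag, hashlib.sha256)
    for e in entries:
        mac.update(len(e).to_bytes(4, "big") + e)
    return mac.digest()

class Journal:  # hypothetical stand-in for a sealed log, not the journal format
    def __init__(self, initial_key: bytes):
        self.key = initial_key   # sealing key on the host, replaced every epoch
        self.epochs = []         # sealed epochs as [entries, tag]
        self.pending = []

    def log(self, entry: bytes):
        self.pending.append(entry)

    def close_epoch(self):
        prev = self.epochs[-1][1] if self.epochs else b""
        self.epochs.append([self.pending, seal(self.key, self.pending, prev)])
        self.pending = []
        self.key = evolve(self.key)   # the old sealing key is discarded here

def verify(verification_key: bytes, epochs: list):
    # Replays the ratchet from the off-host key. Returns the index of the
    # first epoch whose seal does not match, or None if every seal matches.
    key, prev = verification_key, b""
    for i, (entries, tag) in enumerate(epochs):
        if not hmac.compare_digest(seal(key, entries, prev), tag):
            return i
        key, prev = evolve(key), tag
    return None

def demo():
    vkey = hashlib.sha256(b"constructed demo key").digest()  # kept off the host
    j = Journal(vkey)
    for line in (b"sshd: login root from 203.0.113.7", b"sudo: session opened", b"cron: job run"):
        j.log(line)
        j.close_epoch()
    clean = verify(vkey, j.epochs)
    # Someone with root holds only the current key; an epoch-0 entry is
    # rewritten and resealed with that key.
    j.epochs[0][0] = [b"sshd: nothing to see"]
    j.epochs[0][1] = seal(j.key, j.epochs[0][0], b"")
    return clean, verify(vkey, j.epochs)
```

`demo()` returns `(None, 0)`: the untouched journal verifies, and the rewritten first epoch is flagged because its original sealing key no longer exists on the host.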