Lennart Poettering, never a stranger to controversial projects, and Kay Sievers have proposed to create a new, git inspired, logging system for Linux. The new system would be a cryptographically verifiable binary format that would stand in sharp contrast to the usual UNIX way of doing things with simple text files that can be easily accessed by all manner of tools.

Break-ins on high-profile web sites have become very common, including the recent widely reported kernel.org break-in. After a successful break-in the attacker usually attempts to hide his traces by editing the log files. Such manipulations are hard to detect with classic syslog: since the files are plain text files no cryptographic authentication is done, and changes are not tracked. Inspired by git, in the journal all entries are cryptographically hashed along with the hash of the previous entry in the file. This results in a chain of entries, where each entry authenticates all previous ones. If the top-most hash is regularly saved to a secure write-only location, the full chain is authenticated by it. Manipulations by the attacker can hence easily be detected.

The plan is to get an initial implementation into the Fedora 17 release.

Comment on this story via Google+.

Lennart Poettering, never a stranger to controversial projects, and Kay Sievers have proposed to create a new, git inspired, logging system for Linux. The new system would be a cryptographically verifiable binary format that would stand in sharp contrast to the usual UNIX way of doing things with simple text files that can be ...