1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
|
<?xml version="1.0"?>
<!--
Copyright (c) 2020 Airbus Secure Logging Team
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License version 2 as published
by the Free Software Foundation, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
As an additional exemption you are allowed to compile & link against the
OpenSSL libraries as published by the OpenSSL project. See the file
COPYING for details.
-->
<reference xmlns="http://docbook.org/ns/docbook" version="5.0">
<info>
<productname/>
<title>The slogkey manual page</title>
</info>
<refentry xml:id="slogkey.1">
<refmeta>
<refentrytitle>slogkey</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="version">4.8</refmiscinfo>
<refmiscinfo class="source"/>
</refmeta>
<refnamediv>
<refname>slogkey</refname>
<refpurpose>Manage cryptographic keys for use with <command>syslog-ng</command> secure logging</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>slogkey</command>
<arg>options</arg><arg>arguments</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection version="5.0">
<title>Description</title>
<para>The <command>slogkey</command> utility is used to manage cryptographic keys for use with the secure logging module of <command>syslog-ng</command>. Use this utility to create a master key, derive a host key to be used by a secure logging configuration and to display the current sequence counter of a key. The options determine the operating mode and are mutually exclusive.</para>
</refsection>
<refsection>
<title>Arguments</title>
<para>The arguments depend on the operating mode.</para>
<variablelist>
<?dbfo term-width="1.25in"?>
<varlistentry>
<term>
<command>Master key generation</command>
</term>
<listitem>
<para>Call sequence: slogkey --master-ḱey <filename></para>
<para><filename>: The name of the file to which the master key will be written.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>Host key derivation</command>
</term>
<listitem>
<para>Call sequence: slogkey --derive-key <master key file> <host MAC address> <host serial number> <host key file></para>
<para><master key file>: The master key from which the host key will be derived.</para>
<para><host MAC address>: The MAC address of the host on which the key will be used. Instead of the MAC address, any other string that uniquely identifies a host can be supplied, e.g. the company inventory number.</para>
<para><host serial number>: The serial number of the host on which the key will be used. Instead of the serial number, any other string that uniquely identifies a host can be supplied, e.g. the company inventory number.</para>
<para><host key file>: The name of the file to which the host key will be written.</para>
<para>NOTE: The newly created host key has its counter set to 0 indicating that it represents the initial host key k0. This host key must be kept secret and not be disclosed to third parties. It will be required to successfully decrypt
and verify log archives processed by the secure logging environment. As each log entry will be encrypted with its
own key, a new host key will be created after successful processing of a log entry and will replace the previous key. Therefore, the initial host key needs to be stored in a safe place before starting the secure logging environment, as it will be deleted from the log host after processing of the first log entry.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<command>Sequence counter display</command>
</term>
<listitem>
<para>Call sequence: slogkey --counter <host key file></para>
<para><host key file>: The host key file from which the sequence will be read.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Options</title>
<variablelist>
<?dbfo term-width="1.25in"?>
<varlistentry>
<term>
<command>--master-key</command> or <command>-m</command>
</term>
<listitem>
<para>Generates a mew master key. <filename> is the name of the file storing the newly generated master key.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--derive-key</command> or <command>-d</command>
</term>
<listitem>
<para>Derive a host key using a previously generated master key.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--counter</command> or <command>-c</command>
</term>
<listitem>
<para>Display the current log sequence counter of a key.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>--help</command> or <command>-h</command>
</term>
<listitem>
<para>Display a help message.</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection>
<title>Files</title>
<para>
<filename>/usr/bin/slogkey</filename>
</para>
<para>
<filename>/etc/syslog-ng.conf</filename>
</para>
</refsection>
<refsection>
<title>See also</title>
<para>
<link linkend="syslog-ng.conf.5"><command>syslog-ng.conf</command>(5)</link>
</para>
<para>
<link linkend="secure-logging.7"><command>secure-logging</command>(7)</link>
</para>
<note version="5.0">
<para>For the detailed documentation of see <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html"><command>The syslog-ng Administrator Guide</command></link></para>
<para>If you experience any problems or need help with syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"><command>syslog-ng mailing list</command></link>.</para>
<para>For news and notifications about of syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://syslog-ng.org/blogs/"><command>syslog-ng blogs</command></link>.</para>
<para>For specific information requests related to secure logging send a mail to the Airbus Secure Logging Team <secure-logging@airbus.com>.</para>
</note>
</refsection>
<refsection version="5.0">
<title>Author</title>
<para>This manual page was written by the Airbus Secure Logging Team <secure-logging@airbus.com>.</para>
</refsection>
<refsection version="5.0">
<title>Copyright</title>
</refsection>
</refentry>
</reference>
|