File: slogkey.1.xml

package info (click to toggle)
syslog-ng 4.8.1-6
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 20,456 kB
  • sloc: ansic: 177,631; python: 13,035; cpp: 11,611; makefile: 7,012; sh: 5,147; java: 3,651; xml: 3,344; yacc: 1,377; lex: 599; perl: 193; awk: 190; objc: 162
file content (157 lines) | stat: -rw-r--r-- 7,698 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?xml version="1.0"?>
<!--

  Copyright (c) 2020 Airbus Secure Logging Team

  This program is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License version 2 as published
  by the Free Software Foundation, or (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

  As an additional exemption you are allowed to compile & link against the
  OpenSSL libraries as published by the OpenSSL project. See the file
  COPYING for details.

-->
<reference xmlns="http://docbook.org/ns/docbook" version="5.0">
  <info>
    <productname/>
    <title>The slogkey manual page</title>
  </info>
  <refentry xml:id="slogkey.1">
    <refmeta>
      <refentrytitle>slogkey</refentrytitle>
      <manvolnum>1</manvolnum>
      <refmiscinfo class="version">4.8</refmiscinfo>
      <refmiscinfo class="source"/>
    </refmeta>
    <refnamediv>
      <refname>slogkey</refname>
      <refpurpose>Manage cryptographic keys for use with <command>syslog-ng</command> secure logging</refpurpose>
    </refnamediv>
    <refsynopsisdiv>
      <cmdsynopsis>
        <command>slogkey</command>
        <arg>options</arg><arg>arguments</arg>
      </cmdsynopsis>
    </refsynopsisdiv>
    <refsection version="5.0">
      <title>Description</title>
      <para>The <command>slogkey</command> utility is used to manage cryptographic keys for use with the secure logging module of <command>syslog-ng</command>. Use this utility to create a master key, derive a host key to be used by a secure logging configuration and to display the current sequence counter of a key. The options determine the operating mode and are mutually exclusive.</para>
    </refsection>
    <refsection>
      <title>Arguments</title>
      <para>The arguments depend on the operating mode.</para>
      <variablelist>
        <?dbfo term-width="1.25in"?>
        <varlistentry>
          <term>
           <command>Master key generation</command>
          </term>
          <listitem>
            <para>Call sequence: slogkey --master-ḱey &lt;filename&gt;</para>
	    <para>&lt;filename&gt;: The name of the file to which the master key will be written.</para>
         </listitem>
        </varlistentry>
        <varlistentry>
          <term>
           <command>Host key derivation</command>
          </term>
          <listitem>
            <para>Call sequence: slogkey --derive-key &lt;master key file&gt; &lt;host MAC address&gt; &lt;host serial number&gt; &lt;host key file&gt;</para>
	    <para>&lt;master key file&gt;: The master key from which the host key will be derived.</para>
	    <para>&lt;host MAC address&gt;: The MAC address of the host on which the key will be used. Instead of the MAC address, any other string that uniquely identifies a host can be supplied, e.g. the company inventory number.</para>
	    <para>&lt;host serial number&gt;: The serial number of the host on which the key will be used. Instead of the serial number, any other string that uniquely identifies a host can be supplied, e.g. the company inventory number.</para>
	    <para>&lt;host key file&gt;: The name of the file to which the host key will be written.</para>
        <para>NOTE: The newly created host key has its counter set to 0 indicating that it represents the initial host key k0. This host key must be kept secret and not be disclosed to third parties. It will be required to successfully decrypt
        and verify log archives processed by the secure logging environment. As each log entry will be encrypted with its
        own key, a new host key will be created after successful processing of a log entry and will replace the previous key. Therefore, the initial host key needs to be stored in a safe place before starting the secure logging environment, as it will be deleted from the log host after processing of the first log entry.</para>
	  </listitem>
        </varlistentry>
        <varlistentry>
          <term>
           <command>Sequence counter display</command>
          </term>
          <listitem>
            <para>Call sequence: slogkey --counter &lt;host key file&gt;</para>
            <para>&lt;host key file&gt;: The host key file from which the sequence will be read.</para>
         </listitem>
        </varlistentry>
      </variablelist>
    </refsection>
    <refsection>
      <title>Options</title>
      <variablelist>
        <?dbfo term-width="1.25in"?>
        <varlistentry>
          <term>
           <command>--master-key</command> or <command>-m</command>
          </term>
          <listitem>
            <para>Generates a mew master key. &lt;filename&gt; is the name of the file storing the newly generated master key.</para>
         </listitem>
        </varlistentry>
        <varlistentry>
          <term><command>--derive-key</command> or <command>-d</command>
          </term>
          <listitem>
            <para>Derive a host key using a previously generated master key.</para>
          </listitem>
        </varlistentry>
        <varlistentry>
          <term><command>--counter</command> or <command>-c</command>
          </term>
          <listitem>
            <para>Display the current log sequence counter of a key.</para>
         </listitem>
        </varlistentry>
        <varlistentry>
          <term><command>--help</command> or <command>-h</command>
          </term>
          <listitem>
            <para>Display a help message.</para>
         </listitem>
        </varlistentry>
       </variablelist>
    </refsection>
    <refsection>
      <title>Files</title>
      <para>
        <filename>/usr/bin/slogkey</filename>
      </para>
      <para>
        <filename>/etc/syslog-ng.conf</filename>
      </para>
    </refsection>
    <refsection>
      <title>See also</title>
      <para>
        <link linkend="syslog-ng.conf.5"><command>syslog-ng.conf</command>(5)</link>
      </para>
      <para>
        <link linkend="secure-logging.7"><command>secure-logging</command>(7)</link>
      </para>
      <note version="5.0">
        <para>For the detailed documentation of  see <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/index.html"><command>The syslog-ng Administrator Guide</command></link></para>
        <para>If you experience any problems or need help with syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://lists.balabit.hu/mailman/listinfo/syslog-ng"><command>syslog-ng mailing list</command></link>.</para>
        <para>For news and notifications about of syslog-ng, visit the <link xmlns:ns1="http://www.w3.org/1999/xlink" ns1:href="https://syslog-ng.org/blogs/"><command>syslog-ng blogs</command></link>.</para>
        <para>For specific information requests related to secure logging send a mail to the Airbus Secure Logging Team &lt;secure-logging@airbus.com&gt;.</para>
      </note>
    </refsection>
    <refsection version="5.0">
      <title>Author</title>
      <para>This manual page was written by the Airbus Secure Logging Team &lt;secure-logging@airbus.com&gt;.</para>
    </refsection>
    <refsection version="5.0">
      <title>Copyright</title>
    </refsection>
  </refentry>
</reference>