Previous Entry Share Next Entry
New Security Feature in Fedora 18 Part 5: Systemd Secures Journald from attack
Forward Secure Sealing (FSS)

Forward Secure Sealing is a new feature of systemd/journald in Fedora 18.

If your machine is cracked, (Did you disable SELinux?) and a hacker gets administrative control, he wants to cover their tracks, by modifying the system log files.  This presents a problem in that you might not know when the machine was hacked and whether any of your log files have been tampered with.  Before FSS  the only way to know your log files have not been tampered with is to store them on a different machine, IE Setup rsysog and auditlogs to be sent to different machines.  With FSS you can verify the journald logs on your system and know if they have been tampered with.  Even better you will have an idea when the hacker started tampering with them, and which part of the logs files are still valid.

The basic idea is you establish a verification ID and store it externally or just use a QR code and store it on a smart phone.

Read Lennart Poettering posting on Google+ For more explanation.


Log in