1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
========
rsgtutil
========
-----------------------------------
Manage (GuardTime) Signed Log Files
-----------------------------------
:Author: Rainer Gerhards <rgerhards@adiscon.com>
:Date: 2013-03-25
:Manual section: 1
SYNOPSIS
========
::
rsgtutil [OPTIONS] [FILE] ...
DESCRIPTION
===========
This tool performs various maintenance operations on signed log files.
It specifically supports the GuardTime signature provider.
The *rsgtutil* tool is the primary tool to verify log file signatures,
dump signature file contents and carry out other maintenance operations.
The tool offers different operation modes, which are selected via
command line options.
The processing of multiple files is permitted. Depending on operation
mode, either the signature file or the base log file must be specified.
Within a single call, only a single operations mode is permitted. To
use different modes on different files, multiple calles, one for each
mode, must be made.
If no file is specified on the command line, stdin is used instead. Note
that not all operation modes support stdin.
OPTIONS
=======
-D, --dump
Select "dump" operations mode.
-t, --verify
Select "verify" operations mode.
-T, --detect-file-type
Select "detect-file-type" operations mode.
-B, --show-sigblock-params
Select "show-sigblock-params" operations mode.
-s, --show-verified
Prints out information about correctly verified blocks (by default, only
errors are printed).
-v, --verbose
Select verbose mode. Most importantly, hashes and signatures are printed
in full length (can be **very** lengthy) rather than the usual abbreviation.
-e, --extend
Select extend mode. This extends the RFC3161 signatures. Note that this
mode also implies a full verification. If there are verify errors, extending
will also fail.
-P <URL>, --publications-server <URL>
Sets the publications server. If not set but required by the operation a
default server is used. The default server is not necessarily optimal
in regard to performance and reliability.
OPERATION MODES
===============
The operation mode specifies what exactly the tool does with the provided
files. The default operation mode is "dump", but this may change in the future.
Thus, it is recommended to always set the operations mode explicitely. If
multiple operations mode are set on the command line, results are
unpredictable.
dump
----
The provided *signature* files are dumped. For each top-level record, the*u
type code is printed as well as q short description. If there is additional
information available, it will be printed in tab-indented lines below the
main record dump. The actual *log* files need not to be present.
verify
------
This mode does not work with stdin. On the command line, the *log* file names
are specified. The corresponding *signature* files (ending on ".gtsig") must also
be preset at the same location as the log file. In verify mode, both the log
and signature file is read and the validity of the log file checked. If verification
errors are detected these are printed and processing of the file aborted. By default,
each file is verified individually, without taking cross-file hash chains into
account (so the order of files on the command line does not matter).
Note that the actual amount of what can be verified depends on the parameters with
which the signature file was written. If record and tree hashes are present, they
will be verified and thus fine-granular error reporting is possible. If they are
not present, only the block signature itself is verified.
By default, only errors are printed. To also print successful verifications, use the
**--show-verified** option.
extend
------
This extends the RFC3161 signatures. This includes a full verification
of the file. If there are verification errors, extending will also fail.
Note that a signature can only be extended when the required hash has been
published. Currently, these hashes are created at the 15th of each month at
0:00hrs UTC. It takes another few days to get them finally published. As such,
it can be assumed that extending is only possible after this happend (which
means it may take slightly above a month).
To prevent data corruption, a copy of the signature file is created during
extension. So there must be enough disk space available for both files,
otherwise the operation will fail. If the log file is named logfile, the
signature file is logfile.gtsig and the temporary work file is named
logfile.gtsig.new. When extending finished successfully, the original
signature file (logfile.gtsig in our example) is renamed with the .old
postfix (logfile.gtsig.old) and the temporary file written under the
original name. The .old file can be deleted. It is just kept as a
precaution to prevent signature loss. Note that any already existing
.old or .new files are overwritten by these operations.
detect-file-type
----------------
This mode is used to detect the type of some well-know files used inside the
signature system. The detection is based on the file header. This mode is
primarily a debug aid.
show-sigblock-params
--------------------
This mode is used to print signature block parameters. It is similar to *dump*
mode, but will ignore everything except signature blocks. Also, some additional
meta information is printed. This mode is primarily a debug aid.
EXIT CODES
==========
The command returns an exit code of 0 if everything went fine, and some
other code in case of failures.
EXAMPLES
========
**rsgtutil --verify logfile**
This verifies the file "logfile" via its associated signature file
"logfile.gtsig". If errors are detected, these are reported to stderr.
Otherwise, rsgtutil terminates without messages.
**rsgtutil --dump logfile.gtsig**
This dumps the content of the signature file "logfile.gtsig". The
actual log file is not being processed and does not even need to be
present.
SEE ALSO
========
**rsyslogd(8)**
COPYRIGHT
=========
This page is part of the *rsyslog* project, and is available under
LGPLv2.
|