Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PEOCHK(8)		  BSD System Manager's Manual		     PEOCHK(8)

     peochk -- Initial key generator and integrity log file checker

     peochk [-f	logfile] [-g] [-h] [-i key0file] [-k keyfile] [-l]
	    [-m	hash_method] [-q] [logfile]

     peochk generates the initial key file and checks log files	generated by
     syslogd(8)	using peo output module	om_peo(8).  The	options	are as fol-

     -f	logfile
	     Specify the pathname of a log file, if logfile is not specified
	     using this	option,	data is	read from standard input and the path-
	     name is used only to generate reports and/or to obtain the	key
	     files pathnames when the -k and/or	-i options are not specified;
	     the default is /var/log/messages.

     -g	     Generates two key files with an initial key into them, one	in bi-
	     nary mode ( keyfile, to be	used by	peo output module ) and	the
	     other in ascii mode ( key0file ), the admin should	put the	last
	     one into a	secure place and remove	it from	the specified path
	     (see -i and -k options); when this	option is not specified	peochk
	     is	in check mode.

     -h	     Displays a	little help.

     -i	key0file
	     Specify the initial key pathname; the default is keyfile pathname
	     with a "0"	char added at the end (see -k option).

     -k	keyfile
	     Specify the key pathname (this file is used by the	peo output
	     module to generate	a hash key from	the last logged	message); the
	     default is	/var/ssyslogd/xxx.key where xxx	is logfile (specified
	     with -f option or without it) with	all '/'	replaced by '.'.

     -l	     Used only in check	mode to	detect the first corrupted line; it is
	     ignored when specified with the -g	option.

     -m	hash_method
	     Specifies the hash	method used to generate	the keys, hash_method
	     should be one of md5, sha1, or rmd160; the	default	is sha1.

     -q	     Quiet mode; prints	'0' on stdout when logfile is not corrupted,
	     and '1' or	line number (see -l option) when the logfile is	cor-

     If	you want to protect the	/var/log/authlog file you can:

     1.	  run the command:

		peochk -g -f /var/log/authlog -i authkey0 -m rmd160

	  this will generate the /var/ssylog/var.log.authlog.key file with the
	  initial key in binary	mode and the ./authkey0	file with that key
	  translated to	ascii, the hash	method used to generate	the key	is
	  rmd160; you should memorice the contents of ./authkey0 file and
	  rm(1)	it.

     2.	  Edit syslog.conf(5) file and enable peo output module	with something
	  like this: %classic /var/log/authlog %peo -m rmd160 -l -k

     3.	  Inform new changes on	syslog.conf(5) to syslogd(8):

		kill -HUP `cat /var/run/`

     4.	  When you believe that	someone	owned your machine you can:

		peochk -m rmd160 -f /var/log/authlog -i	mykey

	  the contents of mykey	should be the same as ./authkey0 generated in
	  step 1; with the command above you can verify	that the file was (or
	  not) corrupted (it is	important not to forget	the -m option because
	  the default used is sha1 and the keys	generated was using rmd160 ).

     syslog.conf(5), om_peo(8),	syslogd(8)

     Submit bugs at this project's Sourceforge Bug reporting system at: You
     may also report them directly to the authors; send	an email to, describing the problem the most you can, containing
     also machine description, hardware	description, the configuration file
     (/usr/local/etc/syslog.conf), the OS description, and the invoking	com-
     mand line.	 The more you describe the bug,	the faster we can fix it.

Core-SDI			 May 10, 2000			      Core-SDI


Want to link to this manual page? Use this URL:

home | help