
Re: aide and tiger sending gpg crypted files



On Fri, Jun 07, 2002 at 11:23:52AM +0900, Oohara Yuuma wrote:
> On Thu, 6 Jun 2002 20:28:24 +0200 (MEST),
> Thomas Schmid <t.schmid@gmx.net> wrote:
> > So, I set up my server with aide and tiger to check its integrity. The
> > reports are mailed to root, which is redirected to another local address
> > and to a second address on another server. My question is now: is it
> > possible to let the mails be pgp encrypted with gnupg
> I don't know either aide or tiger, but if there is a cron job like
> aide | mail
> then changing it to
> aide | gpg -e -a | mail
> may work.

I wrote something similar to send GnuPG encrypted & signed email from a
shell script:
    http://karl.jorgensen.com/smash/

Its purpose is quite different (and not very well tested ATM) from
what you want, but you may be able to use the code inside it. It works
well when reading the mails it sends with mutt; haven't tried other
GnuPG-enabled mail clients.

> > so I can check if
> > the mails really are from my server and that no one intercepted and changed
> > them?
> You may need a dedicated keypair for it because anyone who has
> a copy of your public key can encrypt a fake report, intercept
> the real report and replace it.

In order to send signed emails unattended, the signing key cannot have a
passphrase. So I suggest using a special key just for that purpose (and
not uploading it to any key servers).

HTH

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
> Linux is not user-friendly.
It _is_ user-friendly.  It is not ignorant-friendly and idiot-friendly.
	-- Seen somewhere on the net
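
The pipe suggested in this thread combined with the dedicated passphrase-less signing key, as an added example (not code from the thread or from smash): the report is signed and encrypted in one step, and nothing readable is mailed if gpg fails. `REPORT_KEY`, `ADMIN_ADDR`, `GPG_HOME` and the script path are assumed names.

```shell
#!/bin/sh
# Added example, not from the thread. REPORT_KEY, ADMIN_ADDR and GPG_HOME are
# assumed names; the signing key in GPG_HOME is the dedicated one without a
# passphrase, and ADMIN_ADDR's public key was imported there by hand.
GPG=${GPG:-gpg}
MAILER=${MAILER:-mail}
REPORT_KEY=${REPORT_KEY:-reports@server.example}
ADMIN_ADDR=${ADMIN_ADDR:-admin@example.org}
GPG_HOME=${GPG_HOME:-/root/.gnupg-reports}

# seal_report: plaintext on stdin, armored signed+encrypted message on stdout.
# Prints nothing and returns 1 if gpg fails or its output is not a PGP message.
seal_report() {
    tmp=$(mktemp) || return 1
    if "$GPG" --homedir "$GPG_HOME" --batch --no-tty --armor \
              --sign --encrypt --local-user "$REPORT_KEY" \
              --recipient "$ADMIN_ADDR" --trust-model always >"$tmp" &&
       head -n 1 "$tmp" | grep -q '^-----BEGIN PGP MESSAGE-----$'
    then
        cat "$tmp"; rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# mail_sealed SUBJECT CMD [ARGS...]: run CMD, seal its output, mail the result.
# The pipeline status is seal_report's, so a checker that exits non-zero when
# it finds changes still gets its report delivered.
mail_sealed() {
    subject=$1; shift
    out=$(mktemp) || return 1
    if "$@" 2>&1 | seal_report >"$out"; then
        "$MAILER" -s "$subject" "$ADMIN_ADDR" <"$out"; rc=$?
    else
        # Fail closed: send a notice without any report content.
        echo "gpg failed, report withheld" |
            "$MAILER" -s "$subject: GPG FAILURE" "$ADMIN_ADDR"
        rc=1
    fi
    rm -f "$out"
    return "$rc"
}

# From cron: /usr/local/sbin/report-mail.sh --run   (path is an assumption)
if [ "${1:-}" = "--run" ]; then
    mail_sealed "aide report from $(hostname)" aide --check
fi
```

On the receiving side, `gpg --decrypt` reports whether the signature is good and which key made it; a report that decrypts but carries no signature from the dedicated key should be treated as forged.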
