On Fri, Jun 07, 2002 at 11:23:52AM +0900, Oohara Yuuma wrote: > On Thu, 6 Jun 2002 20:28:24 +0200 (MEST), > Thomas Schmid <t.schmid@gmx.net> wrote: > > So, I set up my server with aide and tiger to check it's integrity. The > > reports are mailed to root which one is redirected to an other localadress > > and to a second adresse on a other server. My question is now: is it > > possible to let the mails be pgp encrypted with gnupg > I don't know either aide or tiger, but if there is a cron job like > aide | mail > then changing it to > aide | gpg -e -a | mail > may work. I wrote something similar to send GnuPG encrypted & signed email from a shell script: http://karl.jorgensen.com/smash/ It's purpose is quite different (and not very well tested ATM), from what you want, but you may be able to use the code inside it. It works well with when reading the mails it sends with mutt; haven't tried other GnuPG-enabled mail clients. > > so I can check if > > the mails realy are from my server and that no one intercepted and changed > > them? > You may need a dedicated keypair for it because anyone who have > a copy of your public key can encrypt a fake report, intercept > the real report and replace it. In order to send signed emails unattended, the signing key cannot have a passphrase. So I suggest using a special key just for that purpose (and not uploading it to any key servers). HTH -- Karl E. Jørgensen karl@jorgensen.com www.karl.jorgensen.com ==== Today's fortune: > Linux is not user-friendly. It _is_ user-friendly. It is not ignorant-friendly and idiot-friendly. -- Seen somewhere on the net
Attachment:
pgpyL2J9Gi52Q.pgp
Description: PGP signature