CentOS 6.5:
1 Download and untar
# wget http://dl.bintray.com/yjesus/LibCryptoLog/libCryptoLog.tgz
# tar -xvzf libCryptoLog.tgz
2 To use the helpers we need perl-Crypt-RSA
# yum -y install perl-Crypt-RSA
3 Create your own RSA keys (key.public / key.private)
# perl rsacreate.pl
4 Copy key.public to /usr/local/etc/
# cp key.public /usr/local/etc/
5 Copy helper file to /usr/local/bin
# cp rsacrypt.pl /usr/local/bin/
6 Next, find the file descriptor numbers Apache uses to write its logs (1508 is the PID of the httpd process in this example)
# lsof -p 1508
httpd 1508 root 0r CHR 1,3 0t0 3903 /dev/null
httpd 1508 root 1w CHR 1,3 0t0 3903 /dev/null
httpd 1508 root 2w REG 253,0 3522 398650 /var/log/httpd/error_log
httpd 1508 root 3r CHR 1,9 0t0 3908 /dev/urandom
httpd 1508 root 4u sock 0,6 0t0 10395 can't identify protocol
httpd 1508 root 5u IPv6 10396 0t0 TCP *:http (LISTEN)
httpd 1508 root 6r FIFO 0,8 0t0 10489 pipe
httpd 1508 root 7w FIFO 0,8 0t0 10489 pipe
httpd 1508 root 8w REG 253,0 265970 398649 /var/log/httpd/access_log
As you can see, the file descriptors for /var/log/httpd/error_log and /var/log/httpd/access_log are 2 and 8
7 Adapt libCryptoLog to encrypt only these file descriptors
# vi libCryptoLog.c
And search for:
int filedesyes[2] = {3, 10};
Change to:
int filedesyes[2] = {2, 8};
8 Compile and install
# gcc -Wall -fPIC -shared -o libCryptoLog.so libCryptoLog.c -ldl -lssl
# cp libCryptoLog.so /usr/local/lib/
9 Change init.d scripts to launch Apache with LD_PRELOAD pointing to our lib
# vi /etc/init.d/httpd
and change:
start() {
echo -n $"Starting $prog: "
LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
to:
start() {
echo -n $"Starting $prog: "
LD_PRELOAD=/usr/local/lib/libCryptoLog.so LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ] && touch ${lockfile}
return $RETVAL
}
10 Restart Apache
# service httpd stop
# service httpd start
11 Et voilà: if you check /var/log/httpd/error_log and /var/log/httpd/access_log, the log entries are now encrypted, each one written as a base64 block between a BEGINCRYPTO line and an ENDCRYPTO line
12 To decrypt logs, use rsadecrypt.pl
# perl rsadecrypt.pl /var/log/httpd/error_log error2.txt
error2.txt now contains the decrypted logs
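
The descriptor numbers from step 6 are compiled into the library in step 7, so they should be re-checked whenever the Apache configuration changes. The script below is an added example, not part of libCryptoLog. It reads /proc/<pid>/fd on Linux instead of lsof and compares the result with the filedesyes line in libCryptoLog.c. The function names log_fds, configured_fds and check_fds are hypothetical, and the source line is assumed to look as shown in step 7.

```shell
#!/bin/bash
# Added example (not part of libCryptoLog): check that the descriptors
# hard-coded in filedesyes still match the log files httpd has open.

# log_fds FD_DIR REGEX: print, in numeric order, the descriptor numbers in
# FD_DIR (e.g. /proc/1508/fd) whose symlink target matches REGEX.
log_fds() {
    local fd_dir="$1" regex="$2" link target found=""
    for link in "$fd_dir"/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link") || continue
        if printf '%s\n' "$target" | grep -Eq -- "$regex"; then
            found="$found ${link##*/}"
        fi
    done
    # Globbing sorts 10 before 2, so sort numerically before joining.
    printf '%s\n' $found | sort -n | paste -sd ' ' -
}

# configured_fds SRC: print the numbers from the first
# "int filedesyes[N] = {a, b};" line of libCryptoLog.c, in numeric order.
configured_fds() {
    sed -n 's/.*filedesyes\[[0-9]*] *= *{\([^}]*\)}.*/\1/p' "$1" |
        head -n 1 | tr -d ' ' | tr ',' '\n' | sort -n | paste -sd ' ' -
}

# check_fds FD_DIR SRC REGEX: succeed only if at least one log descriptor
# was found and the two lists are identical.
check_fds() {
    local actual configured
    actual=$(log_fds "$1" "$3")
    configured=$(configured_fds "$2")
    if [ -n "$actual" ] && [ "$actual" = "$configured" ]; then
        echo "OK: filedesyes covers descriptors $actual"
    else
        echo "MISMATCH: logs on [$actual], filedesyes has [$configured]" >&2
        return 1
    fi
}

# Usage on the server (PID and paths as in the steps above):
#   sh check_fds.sh /proc/1508/fd libCryptoLog.c '^/var/log/httpd/'
if [ "$#" -eq 3 ]; then check_fds "$@"; fi
```

A mismatch means either a log file is still being written in clear text or the library is encrypting writes to some other descriptor, so repeat steps 6 to 10.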