Journald FSS Verification

ESF 7.0 is able to periodically check Systemd Journal files integrity performing FSS (Forward Secure Sealing) verification of the current log files under /var/log/journal.

This functionality is implemented as a Tamper Detection service, if the integrity check fails, the system will be reported as tampered.

🚧

Warning

Performing a Tamper Status reset on this service is not supported, attempting to perform such operation will have no effect.
The only way to reset the tamper status is to manually delete the log files.

Configuration

This feature can be configured using the Journald FSS Verification component.

22182218

The available settings are the following:

  • Enabled: Allows to completely enable or disable this feature. If not enabled, FSS verification component will not register itself as a Tamper Detection service.

  • FSS Key: The FSS verification key to be used for the integrity check.

  • Startup check delay and Startup check delay time unit: Allow to specify the delay of the first check after startup or FSS component configuration update.

  • Periodic check interval and Periodic check interval time unit: Allow to specify the delay between two consecutive periodic integrity checks.