Producing time-stamped logs on Slackware 14.2 (20.11.2021)
Instead of the OpenSSL that ships with Slackware, download and build the current release. (1.1.1l was current when this was written; the 1.1.1 series has since reached end of life, so take the latest supported release from the same download page and adjust the file names below.)
mkdir /KURULUM2021
cd /KURULUM2021
wget https://www.openssl.org/source/openssl-1.1.1l.tar.gz
tar xvf openssl-1.1.1l.tar.gz
cd openssl-1.1.1l
./config
make
make install
ldconfig
./config without arguments installs under /usr/local, with the configuration file at /usr/local/ssl/openssl.cnf (the path used in the rest of this page), and leaves Slackware's own /usr/bin/openssl in place, so the openssl version command reports the new build only when /usr/local/bin comes before /usr/bin in PATH:
OpenSSL 1.1.1l 24 Aug 2021
In /etc/rc.d/rc.syslog the options line must read as below, otherwise syslogd does not listen on port 514 (-r accepts syslog messages from remote hosts on UDP port 514, -m 0 switches off the periodic MARK lines); restart syslog afterwards with /etc/rc.d/rc.syslog restart.
#SYSLOGD_OPTIONS="-c "
SYSLOGD_OPTIONS="-r -m 0 "
Confirm with netstat -tulnp that port 514/udp is listening. This is plain UDP syslog: nothing on the wire is authenticated or encrypted, so the time stamps produced below prove what was on the log server when the stamp was made, not what the clients actually sent.
We will generate a 20-year (7310-day) self-signed CA certificate; it will later sign the time-stamp authority (TSA) certificate.
mkdir /sertifikalar
cd /sertifikalar
openssl req -config /usr/local/ssl/openssl.cnf -days 7310 -x509 -newkey rsa:2048 -out cacert.pem -outform PEM
Fill in the fields below according to your organization. Because no -keyout is given, the key is written to the default_keyfile of the [ req ] section, privkey.pem; cacert.pem and privkey.pem will both appear in the directory. Give the CA a Common Name that differs from the one used for the TSA certificate later (the session below uses the same host name for both, which works but makes the two certificates hard to tell apart):
Generating a 2048 bit RSA private key
..........................................................+++
............................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Gaziantep-Turkey
Locality Name (eg, city) []:Gaziantep
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gaziantep Universitesi
Organizational Unit Name (eg, section) []:Bilgi islem Merkezi
Common Name (eg, YOUR name) []:logserver001.gantep.edu.tr
Email Address []:logadmin@gantep.edu.tr
Copy the demoCA skeleton from the unpacked source tree (it holds the index.txt and serial files that openssl ca needs), create the newcerts directory, and replace the demo certificate and key with the ones just generated:
cp -r /KURULUM2021/openssl-1.1.1l/apps/demoCA/ /GAUN
mkdir /GAUN/newcerts
root@log:/sertifikalar# mv /GAUN/cacert.pem /GAUN/cacert.pem.old
root@log:/sertifikalar# cp /sertifikalar/cacert.pem /GAUN/
root@log:/sertifikalar# mv /GAUN/private/cakey.pem /GAUN/private/cakey.pem.old
root@log:/sertifikalar# cp /sertifikalar/privkey.pem /GAUN/private/cakey.pem
Keep /GAUN/private readable by root only: the key files generated in this session are created mode 644 (see the ls output below), so anyone with a shell on the log server could copy the encrypted CA and TSA keys and attack the passphrases offline.
In /usr/local/ssl/openssl.cnf enable the lines below. The first dir is in the [ CA_default ] section, which openssl ca uses; the second is in [ tsa_config1 ], which openssl ts -reply uses; the two extension lines are in [ usr_cert ] and end up on the TSA certificate:
#dir = ./demoCA # Where everything is kept (disabled)
dir = /GAUN # Where everything is kept
#dir = ./demoCA # TSA root directory (disabled)
dir = /GAUN # TSA root directory
extendedKeyUsage = critical,timeStamping
keyUsage = nonRepudiation, digitalSignature
Both extension values matter: openssl ts -verify checks the signer certificate for the time-stamping purpose, which requires a critical extendedKeyUsage containing only timeStamping and a keyUsage limited to digitalSignature and/or nonRepudiation, so do not keep the keyEncipherment that the stock keyUsage line carries. While editing, also replace tsa_policy1 (1.2.3.4.1) in [ new_oids ] with an OID your organization actually owns; the value in the sample file is a placeholder that ends up in every token as the Policy OID.
openssl genrsa -aes256 -out tsakey.pem 2048
Generating RSA private key, 2048 bit long modulus
...........................+++
................................................+++
root@log:/sertifikalar# ls -asl
total 20
4 drwxr-xr-x 2 root root 4096 2010-07-12 15:50 ./
4 drwxr-xr-x 23 root root 4096 2010-07-12 14:39 ../
4 -rw-r--r-- 1 root root 1570 2010-07-12 14:32 cacert.pem
4 -rw-r--r-- 1 root root 1834 2010-07-12 14:32 privkey.pem
4 -rw-r--r-- 1 root root 1766 2010-07-12 15:51 tsakey.pem
openssl req -new -key tsakey.pem -out tsareq.csr
Enter pass phrase for tsakey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Gaziantep-Turkey
Locality Name (eg, city) []:Gaziantep
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Gaziantep Universitesi
Organizational Unit Name (eg, section) []:Bilgi islem Merkezi
Common Name (eg, YOUR name) []:logserver001.gantep.edu.tr
Email Address []:system@gantep.edu.tr
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (left blank)
An optional company name []: (left blank)
root@log:/sertifikalar# ls -asl
total 24
4 drwxr-xr-x 2 root root 4096 2010-07-12 15:56 ./
4 drwxr-xr-x 23 root root 4096 2010-07-12 14:39 ../
4 -rw-r--r-- 1 root root 1570 2010-07-12 14:32 cacert.pem
4 -rw-r--r-- 1 root root 1834 2010-07-12 14:32 privkey.pem
4 -rw-r--r-- 1 root root 1766 2010-07-12 15:51 tsakey.pem
4 -rw-r--r-- 1 root root 1159 2010-07-12 15:56 tsareq.csr
-------------------------------------------------------------------------
Sign the request with the CA, using the configuration file edited above (/etc/ssl/openssl.cnf is Slackware's untouched stock copy and knows nothing about /GAUN). Without -days the certificate is valid for default_days from [ CA_default ], 365 days; give a TSA certificate that must outlive the logs it stamps a longer -days, because openssl ts -verify starts failing once the signer certificate has expired. Note in the details that the Locality typed into the request is missing: the default policy_match section does not list localityName, and openssl ca keeps only the fields its policy names.
openssl ca -config /usr/local/ssl/openssl.cnf -in tsareq.csr -out tsacert.pem
Using configuration from /usr/local/ssl/openssl.cnf
Enter pass phrase for /GAUN/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 286 (0x11e)
Validity
Not Before: Jul 12 12:59:00 2010 GMT
Not After : Jul 12 12:59:00 2011 GMT
Subject:
countryName = TR
stateOrProvinceName = Gaziantep-Turkey
organizationName = Gaziantep Universitesi
organizationalUnitName = Bilgi islem Merkezi
commonName = logserver001.gantep.edu.tr
emailAddress = system@gantep.edu.tr
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
D8:D0:A9:65:11:D0:DE:53:A0:CC:9C:CA:79:8C:1E:EC:AC:69:7F:EF
X509v3 Authority Key Identifier:
keyid:99:5E:9B:BE:8B:8B:49:87:E3:E5:99:59:0C:BD:11:D6:CF:D8:5E:EE
X509v3 Extended Key Usage: critical
Time Stamping
Certificate is to be certified until Jul 12 12:59:00 2011 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
-------------------------------------------------------------------------
root@log:/sertifikalar# cp /sertifikalar/tsacert.pem /GAUN/
root@log:/sertifikalar# cp /sertifikalar/tsakey.pem /GAUN/private/
Now let us time-stamp the leases log, copying it into a dedicated stamping directory:
root@log:/sertifikalar# mkdir /zamandamga
root@log:/sertifikalar# cd /zamandamga
cp /var/log/leases .
ls -asl
total 12
4 drwxr-xr-x 2 root root 4096 2010-07-12 16:02 ./
4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../
4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases
-------------------------------------------------------------------------
Create the time-stamp request. -no_nonce leaves out the random nonce; that is tolerable when request and response are produced on the same host, as here, but keep the nonce when querying a remote TSA: it is what ties a response to your request and lets openssl ts -verify -queryfile reject a replayed one. The digest defaults to whatever the installed version chooses (SHA-1 in the session shown); pass -sha256 explicitly.
openssl ts -query -data leases -no_nonce -out leases.tsq
ls -asl
total 16
4 drwxr-xr-x 2 root root 4096 2010-07-12 16:04 ./
4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../
4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases
4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq
-------------------------------------------------------------------------
Generate the signed response with the TSA section of the same configuration file. The warning about /GAUN/tsaserial is harmless the first time: the file is created and serial numbers start at 1.
openssl ts -reply -queryfile leases.tsq -out leases.tsr -config /usr/local/ssl/openssl.cnf
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
Warning: could not open file /GAUN/tsaserial for reading, using serial number: 1
Response has been generated.
ls -asl
total 20
4 drwxr-xr-x 2 root root 4096 2010-07-12 16:06 ./
4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../
4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases
4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq
4 -rw-r--r-- 1 root root 983 2010-07-12 16:06 leases.tsr
-------------------------------------------------------------------------
Decode the response. Status: Granted means a token was issued; the TST info that follows is the structure the TSA signed (the imprint of the file, the serial number, the time, the accuracy and the TSA name):
openssl ts -reply -in leases.tsr -text
Status info:
Status: Granted.
Status description: unspecified
Failure info: unspecified
TST info:
Version: 1
Policy OID: 1.2.3.4.1
Hash Algorithm: sha1
Message data:
0000 - 95 f0 82 61 ad fe 60 24-84 fd 7e 0e c2 fe 57 bf ...a..`$..~...W.
0010 - 60 c1 b9 dc `...
Serial number: 0x01
Time stamp: Jul 12 13:06:06 2010 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: unspecified
TSA: DirName:/C=TR/ST=Gaziantep-Turkey/O=Gaziantep Universitesi/OU=Bilgi islem Merkezi/CN=logserver.gantep.edu.tr/emailAddress=system@gantep.edu.tr
Extensions:
--------------------------------------------------------------
The same request answered again, this time with -token_out, which writes only the time-stamp token (the CMS SignedData) instead of the whole TimeStampResp with its status field. Serial number 2 shows that every response consumes a serial, even for an identical request:
openssl ts -reply -queryfile leases.tsq -out leases.der -token_out -config /usr/local/ssl/openssl.cnf
Using configuration from /usr/local/ssl/openssl.cnf
Enter PEM pass phrase:
Response has been generated.
ls -asl
total 24
4 drwxr-xr-x 2 root root 4096 2010-07-12 16:09 ./
4 drwxr-xr-x 24 root root 4096 2010-07-12 16:01 ../
4 -rw-r----- 1 root root 3758 2010-07-12 16:02 leases
4 -rw-r--r-- 1 root root 974 2010-07-12 16:09 leases.der
4 -rw-r--r-- 1 root root 40 2010-07-12 16:04 leases.tsq
4 -rw-r--r-- 1 root root 983 2010-07-12 16:06 leases.tsr
---------------------------------------------------------------
openssl ts -reply -in leases.der -token_in -text -token_out
Version: 1
Policy OID: 1.2.3.4.1
Hash Algorithm: sha1
Message data:
0000 - 95 f0 82 61 ad fe 60 24-84 fd 7e 0e c2 fe 57 bf ...a..`$..~...W.
0010 - 60 c1 b9 dc `...
Serial number: 0x02
Time stamp: Jul 12 13:09:52 2010 GMT
Accuracy: 0x01 seconds, 0x01F4 millis, 0x64 micros
Ordering: yes
Nonce: unspecified
TSA: DirName:/C=TR/ST=Gaziantep-Turkey/O=Gaziantep Universitesi/OU=Bilgi islem Merkezi/CN=logserver.gantep.edu.tr/emailAddress=system@gantep.edu.tr
Extensions:
(The dumps in this session were captured with CN=logserver.gantep.edu.tr and emailAddress=system@gantep.edu.tr, so the TSA name differs from the values typed further up; the hex below decodes to these strings.)
The raw DER structure of the token. Offset 60 holds the TSTInfo that -text decoded above; the signed attributes from offset 556 carry the messageDigest over that TSTInfo and the ESS signing-certificate hash, and the final OCTET STRING is the RSA signature:
openssl asn1parse -in leases.der -inform DER
0:d=0 hl=4 l= 970 cons: SEQUENCE
4:d=1 hl=2 l= 9 prim: OBJECT :pkcs7-signedData
15:d=1 hl=4 l= 955 cons: cont [ 0 ]
19:d=2 hl=4 l= 951 cons: SEQUENCE
23:d=3 hl=2 l= 1 prim: INTEGER :03
26:d=3 hl=2 l= 11 cons: SET
28:d=4 hl=2 l= 9 cons: SEQUENCE
30:d=5 hl=2 l= 5 prim: OBJECT :sha1
37:d=5 hl=2 l= 0 prim: NULL
39:d=3 hl=4 l= 287 cons: SEQUENCE
43:d=4 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
56:d=4 hl=4 l= 270 cons: cont [ 0 ]
60:d=5 hl=4 l= 266 prim: OCTET STRING [HEX DUMP]:3082010602010106042A0304013021300906052B0E03021A0500041495F08261ADFE602484FD7E0EC2FE57BF60C1B9DC020102180F32303130303731323133303935325A300A020101800201F48101640101FFA081B4A481B13081AE310B30090603550406130254523119301706035504080C1047617A69616E7465702D5475726B6579311F301D060355040A0C1647617A69616E74657020556E69766572736974657369311C301A060355040B0C1342696C67692069736C656D204D65726B657A693120301E06035504030C176C6F677365727665722E67616E7465702E6564752E74723123302106092A864886F70D010901161473797374656D4067616E7465702E6564752E7472
330:d=3 hl=4 l= 640 cons: SET
334:d=4 hl=4 l= 636 cons: SEQUENCE
338:d=5 hl=2 l= 1 prim: INTEGER :01
341:d=5 hl=3 l= 201 cons: SEQUENCE
344:d=6 hl=3 l= 194 cons: SEQUENCE
347:d=7 hl=2 l= 11 cons: SET
349:d=8 hl=2 l= 9 cons: SEQUENCE
351:d=9 hl=2 l= 3 prim: OBJECT :countryName
356:d=9 hl=2 l= 2 prim: PRINTABLESTRING :TR
360:d=7 hl=2 l= 25 cons: SET
362:d=8 hl=2 l= 23 cons: SEQUENCE
364:d=9 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
369:d=9 hl=2 l= 16 prim: UTF8STRING :Gaziantep-Turkey
387:d=7 hl=2 l= 18 cons: SET
389:d=8 hl=2 l= 16 cons: SEQUENCE
391:d=9 hl=2 l= 3 prim: OBJECT :localityName
396:d=9 hl=2 l= 9 prim: UTF8STRING :Gaziantep
407:d=7 hl=2 l= 31 cons: SET
409:d=8 hl=2 l= 29 cons: SEQUENCE
411:d=9 hl=2 l= 3 prim: OBJECT :organizationName
416:d=9 hl=2 l= 22 prim: UTF8STRING :Gaziantep Universitesi
440:d=7 hl=2 l= 28 cons: SET
442:d=8 hl=2 l= 26 cons: SEQUENCE
444:d=9 hl=2 l= 3 prim: OBJECT :organizationalUnitName
449:d=9 hl=2 l= 19 prim: UTF8STRING :Bilgi islem Merkezi
470:d=7 hl=2 l= 32 cons: SET
472:d=8 hl=2 l= 30 cons: SEQUENCE
474:d=9 hl=2 l= 3 prim: OBJECT :commonName
479:d=9 hl=2 l= 23 prim: UTF8STRING :logserver.gantep.edu.tr
504:d=7 hl=2 l= 35 cons: SET
506:d=8 hl=2 l= 33 cons: SEQUENCE
508:d=9 hl=2 l= 9 prim: OBJECT :emailAddress
519:d=9 hl=2 l= 20 prim: IA5STRING :system@gantep.edu.tr
541:d=6 hl=2 l= 2 prim: INTEGER :011E
545:d=5 hl=2 l= 9 cons: SEQUENCE
547:d=6 hl=2 l= 5 prim: OBJECT :sha1
554:d=6 hl=2 l= 0 prim: NULL
556:d=5 hl=3 l= 140 cons: cont [ 0 ]
559:d=6 hl=2 l= 26 cons: SEQUENCE
561:d=7 hl=2 l= 9 prim: OBJECT :contentType
572:d=7 hl=2 l= 13 cons: SET
574:d=8 hl=2 l= 11 prim: OBJECT :id-smime-ct-TSTInfo
587:d=6 hl=2 l= 28 cons: SEQUENCE
589:d=7 hl=2 l= 9 prim: OBJECT :signingTime
600:d=7 hl=2 l= 15 cons: SET
602:d=8 hl=2 l= 13 prim: UTCTIME :100712130952Z
617:d=6 hl=2 l= 35 cons: SEQUENCE
619:d=7 hl=2 l= 9 prim: OBJECT :messageDigest
630:d=7 hl=2 l= 22 cons: SET
632:d=8 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:64BA2DBB0F167A23C21931A93B35FFD59D52DE35
654:d=6 hl=2 l= 43 cons: SEQUENCE
656:d=7 hl=2 l= 11 prim: OBJECT :id-smime-aa-signingCertificate
669:d=7 hl=2 l= 28 cons: SET
671:d=8 hl=2 l= 26 cons: SEQUENCE
673:d=9 hl=2 l= 24 cons: SEQUENCE
675:d=10 hl=2 l= 22 cons: SEQUENCE
677:d=11 hl=2 l= 20 prim: OCTET STRING [HEX DUMP]:E94D48328D7F8B99839F2EBD236993B8656291EA
699:d=5 hl=2 l= 13 cons: SEQUENCE
701:d=6 hl=2 l= 9 prim: OBJECT :rsaEncryption
712:d=6 hl=2 l= 0 prim: NULL
714:d=5 hl=4 l= 256 prim: OCTET STRING [HEX DUMP]:739CA704758CF315616956148E6F27DF9A56B203187ADD1C337CBAC7611C893229C10AFC74EE0C2F479B2308315E0DC27C42EFE40502C610001AA64990570498DA66865C002934A0C2906771B2C3627AF86C6D0767D0A7594D1D0E528A0A6C658312D7B94A616D0647DFB7F25D63EEF55A74DAC648280EF72108039D90518A9E41BD3B585679E5FF876A1778989ADF245AE7C7C74D719B235B81093A388C69C3E321F9B75F365ADA073DA64972EB903636BC6C14281AE874EB1E871C0151F0F1DCCFEDBB38862A3E4DEEE0209E5B0996819A0FC95C0C54758AB7110BF927D6ECE34C5E65DCA583A43D005523E1C3D7E0191DBBB8A0684761F7E5721BA16E810D
-------------------------------------------------------------------------
Verification
The request was made without -cert, so the response carries no certificates: the TSA certificate has to be supplied with -untrusted and the chain is anchored at the CA with -CAfile. (Adding -cert to openssl ts -query makes the TSA put its own certificate, plus the certs file from tsa_config1, into the response, and -untrusted is then unnecessary.) The first form hashes the file itself and checks it against the token; the second checks the response against the saved request:
openssl ts -verify -data leases -in leases.der -token_in -CAfile /GAUN/cacert.pem -untrusted /GAUN/tsacert.pem
Verification: OK
openssl ts -verify -queryfile leases.tsq -in leases.tsr -CAfile /GAUN/cacert.pem -untrusted /GAUN/tsacert.pem
Verification: OK
If the file is altered after stamping and verification is repeated, the result is Verification: FAILED, because the digest in the token no longer matches the file: this is how tampering with the original is detected. The token proves only that this exact content existed at the stamped time, so a log that is rotated or appended to needs a fresh stamp, and the .tsq/.tsr files (and the CA certificate used to verify them) should be kept somewhere the log host cannot rewrite.
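The whole procedure above, condensed into one script as an added example (not part of the original page): it builds a throwaway CA and TSA certificate in a temporary directory from a minimal configuration file, stamps a constructed leases file, verifies the token, and shows that a tampered copy fails. It departs from the session above in three ways worth copying: the request carries a nonce and -cert, the digest is SHA-256, and the configuration lives in the script instead of the stock openssl.cnf. The directory layout, the names Example Log CA and tsa.example.org, and the policy OID 1.2.3.4.1 (the sample placeholder) are assumptions; it needs only the openssl command line.

```shell
#!/bin/sh
# Added example, not from the original page: a throwaway end-to-end run of the
# procedure above in a temp directory. It builds a CA and a TSA certificate with
# a minimal openssl.cnf, time-stamps a constructed log file, verifies the token,
# and shows that a tampered copy fails. Names (Example Log CA, tsa.example.org)
# and the policy OID 1.2.3.4.1 are placeholders. Requires the openssl CLI.

run() { "$@" >/dev/null 2>&1 || { echo "failed: $*" >&2; exit 1; }; }

# Prints "genuine=OK tampered=FAILED" when everything behaves; exits 1 otherwise.
tsa_demo() (
    work="$1"; ca="$work/ca"; cnf="$work/tsa.cnf"; log="$work/leases"
    mkdir -p "$ca/private" "$ca/newcerts" || exit 1
    chmod 700 "$ca/private"
    : > "$ca/index.txt"; echo 01 > "$ca/serial"; echo 01 > "$ca/tsaserial"

    # Minimal configuration for openssl req, openssl ca and openssl ts -reply.
    cat > "$cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ ca ]
default_ca = CA_default
[ CA_default ]
dir             = $ca
database        = \$dir/index.txt
new_certs_dir   = \$dir/newcerts
certificate     = \$dir/cacert.pem
private_key     = \$dir/private/cakey.pem
serial          = \$dir/serial
default_days    = 3650
default_md      = sha256
policy          = policy_any
x509_extensions = tsa_cert
[ policy_any ]
organizationName = optional
commonName       = supplied
# What openssl ts -verify requires of a TSA certificate: critical EKU with
# timeStamping only, keyUsage limited to digitalSignature/nonRepudiation.
[ tsa_cert ]
basicConstraints       = CA:FALSE
keyUsage               = critical, digitalSignature, nonRepudiation
extendedKeyUsage       = critical, timeStamping
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
[ tsa ]
default_tsa = tsa_config1
[ tsa_config1 ]
dir               = $ca
serial            = \$dir/tsaserial
signer_cert       = \$dir/tsacert.pem
certs             = \$dir/cacert.pem
signer_key        = \$dir/private/tsakey.pem
signer_digest     = sha256
default_policy    = 1.2.3.4.1
digests           = sha256, sha384, sha512
accuracy          = secs:1, millisecs:500, microsecs:100
ordering          = yes
tsa_name          = yes
ess_cert_id_chain = no
EOF

    # 1. Self-signed CA, 20 years as on the page. -nodes keeps the demo
    #    unattended; a real CA key gets a passphrase and a locked-down directory.
    run openssl req -config "$cnf" -x509 -newkey rsa:2048 -nodes -days 7310 \
        -extensions v3_ca -subj "/O=Example Org/CN=Example Log CA" \
        -keyout "$ca/private/cakey.pem" -out "$ca/cacert.pem"
    # 2. TSA key and request, signed by the CA with the tsa_cert extensions.
    run openssl genrsa -out "$ca/private/tsakey.pem" 2048
    run openssl req -config "$cnf" -new -key "$ca/private/tsakey.pem" \
        -subj "/O=Example Org/CN=tsa.example.org" -out "$ca/tsareq.csr"
    run openssl ca -config "$cnf" -batch -notext -in "$ca/tsareq.csr" \
        -out "$ca/tsacert.pem"
    # 3. Constructed log file; request with nonce, SHA-256 and -cert so the
    #    response carries the TSA certificate; then the signed response.
    printf 'lease 10.0.0.5 {\n  starts 2021/11/20 10:00:00;\n}\n' > "$log"
    run openssl ts -query -data "$log" -sha256 -cert -out "$log.tsq"
    run openssl ts -reply -config "$cnf" -queryfile "$log.tsq" -out "$log.tsr"
    # 4. Verify against the request (nonce and digest are both checked).
    genuine=$(openssl ts -verify -queryfile "$log.tsq" -in "$log.tsr" \
        -CAfile "$ca/cacert.pem" 2>/dev/null | sed -n 's/^Verification: //p')
    # 5. Append one line to a copy and verify that copy against the same token.
    cp "$log" "$log.tampered"; echo 'lease 10.0.0.99 { }' >> "$log.tampered"
    tampered=$(openssl ts -verify -data "$log.tampered" -in "$log.tsr" \
        -CAfile "$ca/cacert.pem" 2>/dev/null | sed -n 's/^Verification: //p')
    [ "$genuine" = OK ] && [ "$tampered" = FAILED ] || exit 1
    echo "genuine=$genuine tampered=$tampered"
)

tsa_demo "${1:-$(mktemp -d)}"
```

Run it as sh tsa_demo.sh; it prints genuine=OK tampered=FAILED and leaves the certificates, request and response under the temporary directory (pass a directory as the first argument to choose where, then inspect the files with the openssl ts -reply -text and asn1parse commands shown above). Because the response bundles the TSA certificate thanks to -cert, verification needs only -CAfile; the page's -untrusted form is what you need when the request omitted -cert.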