From owner-freebsd-security  Wed Dec  9 15:49:49 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA14455
          for freebsd-security-outgoing; Wed, 9 Dec 1998 15:49:49 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cc00ms.unity.ncsu.edu (cc00ms.unity.ncsu.edu [152.1.1.35])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA14450
          for <FREEBSD-SECURITY@FreeBSD.ORG>; Wed, 9 Dec 1998 15:49:45 -0800 (PST)
          (envelope-from jjyuill@eos.ncsu.edu)
Received: from wind (wind.csc.ncsu.edu [152.1.75.167])
          by cc00ms.unity.ncsu.edu (8.8.4/US19Dec96) with SMTP
	  id SAA20374 for <FREEBSD-SECURITY@FreeBSD.ORG>; Wed, 9 Dec 1998 18:49:33 -0500 (EST)
Message-Id: <3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu>
X-Sender: jjyuill@pop-in.ncsu.edu
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Wed, 09 Dec 1998 18:53:23 -0500
To: FREEBSD-SECURITY@FreeBSD.ORG
From: Jim Yuill <jjyuill@eos.ncsu.edu>
Subject: append-only devices for logging
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've been looking for an append-only device for logging, which a remote
hacker (with root access) can not erase or alter.  Other than a
line-printer, are there any such devices that actually work with Unix?  

>From what I understand, a write-once CD has restricted writing capability
that would make it unsuitable for logging.  

According to CERT, these things exist:

>Log selected data to a write-once/read-many device (e.g., a 
>CD-ROM or a specially configured tape drive) to eliminate the
>possibility of the data being modified once it is written, or 
>to a write-only device (e.g., a printer).
>
>http://www.cert.org/security-improvement/practices/p041.html

but I've spent the afternoon looking, and havent' found anything.

Thanks in advance for any pointers,
Jim


#############################################################
Jim Yuill, graduate student
Computer Science Department,  North Carolina State University
919-513-1894 (w),  919-546-0537 (h)  
home page:  http://www.pobox.com/~jimyuill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message