Date:      Mon, 28 Jul 1997 09:12:37 -0400 (EDT)
From:      David Holland <dholland@eecs.harvard.edu>
To:        robert@cyrus.watson.org
Cc:        security@freebsd.org
Subject:   secure logging (was: Re: security hole in FreeBSD)
Message-ID:  <199707281312.JAA17812@burgundy.eecs.harvard.edu>
In-Reply-To: <Pine.BSF.3.95q.970728082931.3000B-100000@cyrus.watson.org> from "Robert Watson" at Jul 28, 97 08:36:52 am

 > BTW, does anyone know if there is a secure logging protocol?  Syslog on
 > UDP seems a tad unreliable, not to mention opening one up from DoS.  I log
 > to a loghost, and that machine could easily suffer DoS from log flooding,
 > etc.  A simple signature arrangement using MD5 (HMAC?) similar to DNS TSIG
 > would be easy enough to arrange, and far more secure.  I assume someone,
 > somewhere has written one, or implemented one, but I haven't been
 > following the Internet Draft releases too closely.

I don't know of any; if you run across one or are thinking about
designing one, please post or mail... absent any other readily
available secure mechanism probably the best bet is to carry log data
over ssh. Of course, this doesn't solve the denial of service issue as
anyone with a login can spam the local syslog.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino
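
The signature arrangement suggested in the quoted question, sketched as an added example that is not part of the original message or of any FreeBSD code: each log datagram carries a timestamp, a sequence number and an HMAC tag, and the loghost drops anything forged, stale or replayed. Assumptions: HMAC-SHA256 is swapped in for the HMAC-MD5 mentioned above, the wire layout, key and names are constructed for illustration, and a single sender per key is assumed.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample key shared by sender and loghost
FUDGE = 300                     # accepted clock skew in seconds, like TSIG's fudge
TAG_LEN = 32                    # HMAC-SHA256 output size
HEADER = struct.Struct("!QQ")   # timestamp, sequence number (layout is an assumption)


def sign_record(key, seq, now, message):
    """Build one datagram: header || message || HMAC(header || message)."""
    body = HEADER.pack(now, seq) + message
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Loghost side: checks the tag first, then freshness, then replay."""

    def __init__(self, key, fudge=FUDGE):
        self.key = key
        self.fudge = fudge
        self.last_seq = -1

    def accept(self, datagram, now):
        """Return the log message, or None if the datagram must be dropped."""
        if len(datagram) < HEADER.size + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None
        stamp, seq = HEADER.unpack_from(body)
        if abs(now - stamp) > self.fudge:            # stale or far-future record
            return None
        if seq <= self.last_seq:                     # replayed or reordered record
            return None
        self.last_seq = seq
        return body[HEADER.size:]
```

This authenticates records but does not encrypt them, and a flood of bogus datagrams still costs the loghost one HMAC computation each before being dropped. Datagrams that UDP delivers out of order are rejected by the strict sequence check.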


