Date: Sun, 10 Feb 2002 19:18:31 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
To: Bill Vermillion <bv@wjv.com>
Cc: security@FreeBSD.ORG
Subject: Re: Is the technique described in this article do-able with
Message-ID: <20020212021241.8A72A9F131@okeeffe.bestweb.net>

On Sun, 10 Feb 2002, Bill Vermillion wrote:

> Hardcopy is fairly hard to search with a text editor though :-)

2 copies. one electronic, so you can do a grep on it :)

> If you worry about the logs being alterable - and you did suggest
> logging to a second machine - then you have a real problem with
> security I'd guess. You could always run chflags on the logging
> machine to make the logs append only. Wouldn't that take care
> of the problem of being alterable without having to use hardcopy?

not really. you can change chflags on a live machine. any attacker that's
going to alter the logs will be able to see the append only flag. so,
really, it's not actually secure. against a scriptkiddie, though, this may
be effective.

logging to another machine that *only* listens to syslog, or is attached
to the serial port and only listens to the console log, and can't be
accessed from the network may be a solution. this is, as i said, outside
of "normal home usage", and generally only done at really paranoid places.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
          of J. Edgar Hoover." -- Tim Triche

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
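
An added check for the append-only question discussed above (not part of the original message): FreeBSD refuses to clear the system append-only flag only once `kern.securelevel` is 1 or higher, so this script reads `ls -lo` output and reports, per log file, whether `sappnd` is missing, set but removable by root, or enforced. The function name, verdict strings and sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the append-only flag on log files (FreeBSD).
# On a live host the inputs would come from:
#   ls -lo /var/log/messages | audit_log_flags "$(sysctl -n kern.securelevel)"

# audit_log_flags SECURELEVEL
# Reads `ls -lo` lines on stdin (perms links owner group flags size date name)
# and prints "<verdict> <file>" for each one.
audit_log_flags() {
    awk -v lvl="$1" '
    NF >= 10 {
        flags = $5              # comma-separated flag list, "-" when none
        file  = $NF
        if (("," flags ",") !~ /,sappnd,/)
            verdict = "no-sappnd"          # log can be rewritten in place
        else if (lvl + 0 < 1)
            verdict = "sappnd-removable"   # root can still clear the flag
        else
            verdict = "sappnd-enforced"    # flag cannot be cleared until reboot
        print verdict, file
    }'
}

# Constructed sample of `ls -lo` output, so the script runs anywhere.
sample_listing() {
    cat <<'EOF'
-rw-r--r--  1 root  wheel  sappnd        48213 Feb 10 19:18 /var/log/messages
-rw-------  1 root  wheel  sappnd,nodump  9120 Feb 10 19:02 /var/log/auth.log
-rw-r--r--  1 root  wheel  -              3301 Feb 10 18:40 /var/log/cron
EOF
}

echo "securelevel -1:"
sample_listing | audit_log_flags -1
echo "securelevel 1:"
sample_listing | audit_log_flags 1
```

A file that reports `sappnd-enforced` also cannot be renamed or removed, so log rotation for it has to be planned around a reboot or handled on the separate log host.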
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020212021241.8A72A9F131>