Date: Thu, 10 Dec 1998 10:58:24 +1030 (CDT) From: Mark Newton <newton@camtech.com.au> To: jjyuill@eos.ncsu.edu (Jim Yuill) Cc: FREEBSD-SECURITY@FreeBSD.ORG Subject: Re: append-only devices for logging Message-ID: <199812100028.KAA21421@frenzy.ct> In-Reply-To: <3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu> from Jim Yuill at "Dec 9, 98 06:53:23 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Jim Yuill wrote: > I've been looking for an append-only device for logging, which a remote > hacker (with root access) can not erase or alter. Other than a > line-printer, are there any such devices that actually work with Unix? Files fit the bill on FreeBSD. Set your securelevel to 2 and apply the "sappnd" flag (using chflags) to any files you wish to set as "append-only". Not even root can remove the append-only flag unless first bringing the system to a lower security level, which requires physical access to the console for single user mode operation. See chflags(1). - mark --- Mark Newton Email: newton@camtech.com.au Systems Engineer and Senior Trainer Phone: +61-8-8303-3300 Camtech (SA), a member of the Fax: +61-8-8303-4403 CAMTECH group of companies WWW: http://www.camtech.com.au To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812100028.KAA21421>