Date: Thu, 10 Dec 1998 10:58:24 +1030 (CDT) From: Mark Newton <newton@camtech.com.au> To: jjyuill@eos.ncsu.edu (Jim Yuill) Cc: FREEBSD-SECURITY@FreeBSD.ORG Subject: Re: append-only devices for logging Message-ID: <199812100028.KAA21421@frenzy.ct> In-Reply-To: <3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu> from Jim Yuill at "Dec 9, 98 06:53:23 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Jim Yuill wrote:
> I've been looking for an append-only device for logging, which a remote
> hacker (with root access) can not erase or alter. Other than a
> line-printer, are there any such devices that actually work with Unix?
Files fit the bill on FreeBSD. Set your securelevel to 2 and
apply the "sappnd" flag (using chflags) to any files you wish
to set as "append-only". Not even root can remove the append-only
flag unless first bringing the system to a lower security level,
which requires physical access to the console for single user mode
operation.
See chflags(1).
- mark
---
Mark Newton Email: newton@camtech.com.au
Systems Engineer and Senior Trainer Phone: +61-8-8303-3300
Camtech (SA), a member of the Fax: +61-8-8303-4403
CAMTECH group of companies WWW: http://www.camtech.com.au
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812100028.KAA21421>