Date: Mon, 28 Jul 1997 09:40:14 -0400 (EDT)
From: Adam Shostack <adam@homeport.org>
To: dholland@eecs.harvard.edu (David Holland)
Cc: robert@cyrus.watson.org, security@FreeBSD.ORG
Subject: Re: secure logging (was: Re: security hole in FreeBSD)
Message-ID: <199707281340.JAA03478@homeport.org>
In-Reply-To: <199707281312.JAA17812@burgundy.eecs.harvard.edu> from David Holland at "Jul 28, 97 09:12:37 am"
| I don't know of any; if you run across one or are thinking about
| designing one, please post or mail... absent any other readily
| available secure mechanism probably the best bet is to carry log data
| over ssh. Of course, this doesn't solve the denial of service issue as
| anyone with a login can spam the local syslog.
I've been working on a draft set of requirements--very drafty, but
since the subject came up, I'll share & ask for feedback.

Requirements

  Reliability: The system must make substantial efforts to not
  lose information.

    Network Requirements
      TCP based
      Application sequencing with explicit ack before sender deletes

    Application Reliability
      NO data discarding
      Solid message handling locally--messages kept until discard
      Repeated message management (?)

  Portability
  External Alerting
  External Intrusion Detection linking

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
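
An added illustration, not part of the original message: one way the "application sequencing with explicit ack before sender deletes" and "messages kept until discard" requirements could behave when a connection drops mid-transfer. The names `Spool`, `Collector` and `lose_ack_at` are hypothetical, and an in-memory call stands in for the TCP connection.

```python
# Added illustration; Spool, Collector and lose_ack_at are hypothetical names.
from collections import OrderedDict

class Collector:
    """Receiver: stores each record once, acks the highest in-order sequence number."""
    def __init__(self):
        self.records = []
        self.last_seq = 0

    def receive(self, seq, msg):
        if seq == self.last_seq + 1:   # next expected record: store it
            self.records.append(msg)
            self.last_seq = seq
        return self.last_seq           # duplicates and gaps just get re-acked

class Spool:
    """Sender: a record leaves the local spool only after an explicit ack."""
    def __init__(self):
        self.pending = OrderedDict()   # seq -> message, kept until acked
        self.next_seq = 1

    def log(self, msg):
        self.pending[self.next_seq] = msg
        self.next_seq += 1

    def handle_ack(self, acked_seq):
        for seq in [s for s in self.pending if s <= acked_seq]:
            del self.pending[seq]

    def flush(self, collector, lose_ack_at=None):
        """Send pending records in order. lose_ack_at simulates the connection
        dying after that record (0-based) is delivered but before its ack arrives."""
        for i, (seq, msg) in enumerate(list(self.pending.items())):
            ack = collector.receive(seq, msg)
            if i == lose_ack_at:
                return False           # ack lost: keep this record and the rest
            self.handle_ack(ack)
        return True

def demo():
    spool, collector = Spool(), Collector()
    for msg in ("login root", "su failed", "sshd restart"):  # constructed sample records
        spool.log(msg)
    spool.flush(collector, lose_ack_at=1)     # record 2 delivered, ack never seen
    kept = list(spool.pending)                # still spooled locally
    spool.flush(collector)                    # reconnect and resend
    return kept, list(spool.pending), collector.records

if __name__ == "__main__":
    print(demo())
```

The resend after the simulated drop delivers record 2 a second time; the collector's sequence check is what keeps the stored log free of duplicates while the sender's spool guarantees nothing is lost.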
