From owner-freebsd-security Wed Dec 9 17:07:03 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id RAA25601
        for freebsd-security-outgoing; Wed, 9 Dec 1998 17:07:03 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA25588
        for ; Wed, 9 Dec 1998 17:06:59 -0800 (PST)
        (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1])
        by gjp.erols.com (8.9.1/8.8.7) with ESMTP id UAA12620;
        Wed, 9 Dec 1998 20:06:51 -0500 (EST)
        (envelope-from gjp@gjp.erols.com)
To: Jim Yuill
cc: FREEBSD-SECURITY@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: append-only devices for logging
In-reply-to: Your message of "Wed, 09 Dec 1998 18:53:23 EST."
        <3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu>
Date: Wed, 09 Dec 1998 20:06:51 -0500
Message-ID: <12616.913252011@gjp.erols.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jim Yuill wrote in message ID
<3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu>:
> I've been looking for an append-only device for logging, which a remote
> hacker (with root access) can not erase or alter. Other than a
> line-printer, are there any such devices that actually work with Unix?

Sure, why does it have to be a line printer at the other end of the
serial/parallel cable? It could be a PC that just logs the data it
gets over a raw serial connection (i.e. one way, no return) ... if the
only access to that machine is the console, does that meet your
requirements?

The other option is the `sappnd' flag and a higher run level, but you
need to reboot to do log rotation.

Gary
--
Gary Palmer                                    FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
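
The receiving-PC option described in the reply above, sketched as an added example (not code from the original message or from FreeBSD): a small C program that opens the serial line read-only, switches it to raw mode so nothing is echoed back, and appends whatever arrives to a log file. The function name `sink_append` and the command-line layout are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE /* exposes cfmakeraw() on glibc; harmless elsewhere */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Drain in_fd to the end of log_path. in_fd is only read, never written,
 * so nothing goes back toward the sender. Returns bytes appended or -1. */
long sink_append(int in_fd, const char *log_path)
{
    /* O_APPEND and no O_TRUNC: existing records are never overwritten. */
    int out = open(log_path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (out < 0) return -1;
    char buf[4096];
    long total = 0;
    ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) != 0) {
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { total = -1; break; }
        for (ssize_t off = 0; off < n; ) {   /* handle short writes */
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0 && errno == EINTR) continue;
            if (w < 0) { close(out); return -1; }
            off += w;
        }
        total += n;
    }
    if (close(out) < 0) return -1;
    return total;
}

/* Usage: logsink <serial-tty> <logfile>   (program name is illustrative) */
int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <tty> <logfile>\n", argv[0]); return 2; }
    /* Read-only open: this process holds no descriptor it could reply on. */
    int in = open(argv[1], O_RDONLY | O_NOCTTY);
    if (in < 0) { perror(argv[1]); return 1; }
    struct termios t;
    if (tcgetattr(in, &t) == 0) {   /* raw mode: no echo, no line editing */
        cfmakeraw(&t);
        tcsetattr(in, TCSANOW, &t);
    }
    long n = sink_append(in, argv[2]);
    close(in);
    return n < 0 ? 1 : 0;
}
```

Baud rate and other line settings are assumed to be configured on the port before the program starts.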