From owner-freebsd-security Mon Jul 28 07:05:04 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA07938 for security-outgoing; Mon, 28 Jul 1997 07:05:04 -0700 (PDT) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA07921 for ; Mon, 28 Jul 1997 07:04:53 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.8.5/8.8.5) id KAA28556; Mon, 28 Jul 1997 10:04:50 -0400 (EDT) Date: Mon, 28 Jul 1997 10:04:50 -0400 (EDT) From: Garrett Wollman Message-Id: <199707281404.KAA28556@khavrinen.lcs.mit.edu> To: David Holland Cc: security@FreeBSD.ORG Subject: secure logging (was: Re: security hole in FreeBSD) In-Reply-To: <199707281312.JAA17812@burgundy.eecs.harvard.edu> References: <199707281312.JAA17812@burgundy.eecs.harvard.edu> Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk < said: > I don't know of any; if you run across one or are thinking about > designing one, please post or mail... absent any other readily > available secure mechanism probably the best bet is to carry log data > over ssh. Of course, this doesn't solve the denial of service issue as > anyone with a login can spam the local syslog. It would be pretty trivial to add Kerberos authentication to syslogd (using krb_mk_safe/krb_rd_safe).... Of course, that doesn't help most users, but perhaps it can serve as an incentive. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick