Date: Sun, 10 Feb 2002 22:10:29 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: "f.johan.beisser" <jan@caustic.org> Cc: Bill Vermillion <bv@wjv.com>, security@FreeBSD.ORG Subject: Re: Is the technique described in this article do-able with Message-ID: <20020210221029.A20884@blossom.cjclark.org> In-Reply-To: <20020210190958.B21734-100000@localhost>; from jan@caustic.org on Sun, Feb 10, 2002 at 07:18:31PM -0800 References: <20020210231559.GA2136@wjv.com> <20020210190958.B21734-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 10, 2002 at 07:18:31PM -0800, f.johan.beisser wrote:
> On Sun, 10 Feb 2002, Bill Vermillion wrote:
>
> > Hardcopy is fairly hard to search with a text editor though :-)
>
> 2 copies. one electronic, so you can do a grep on it :)
>
> > If you worry about the logs being alterable - and you did suggest
> > logging to a second machine - then you have a real problem with
> > security I'd guess. You could always run chflags on the logging
> > machine to make the logs append only. Wouldn't that take care
> > of the problem of being alterable without having to use hardcopy?
>
> not really. you can change chflags on a live machine.
How do you do it when there is an elevated securelevel(8)?
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020210221029.A20884>