From owner-freebsd-security  Tue Nov 10 05:44:30 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA23688
          for freebsd-security-outgoing; Tue, 10 Nov 1998 05:44:30 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from unix1.it-datacntr.louisville.edu (unix1.it-datacntr.louisville.edu [136.165.4.27])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA23683
          for <freebsd-security@FreeBSD.ORG>; Tue, 10 Nov 1998 05:44:29 -0800 (PST)
          (envelope-from k.stevenson@louisville.edu)
Received: from homer.louisville.edu (ktstev01@homer.it-datacntr.louisville.edu [136.165.1.20])
	by unix1.it-datacntr.louisville.edu (8.8.8/8.8.7) with ESMTP id IAA20114
	for <freebsd-security@FreeBSD.ORG>; Tue, 10 Nov 1998 08:44:12 -0500
Received: (from ktstev01@localhost)
	by homer.louisville.edu (8.8.8/8.8.8) id IAA16815
	for freebsd-security@FreeBSD.ORG; Tue, 10 Nov 1998 08:44:12 -0500 (EST)
Message-ID: <19981110084411.B13216@homer.louisville.edu>
Date: Tue, 10 Nov 1998 08:44:11 -0500
From: Keith Stevenson <k.stevenson@louisville.edu>
To: freebsd-security@FreeBSD.ORG
Subject: Re: chflags on log files question
References: <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net>; from Open Systems Networking on Tue, Nov 10, 1998 at 07:32:28AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Nov 10, 1998 at 07:32:28AM -0500, Open Systems Networking wrote:
> 
> Ok I setup a firewall box running with secure level 3.
> And added the following flags to /var/log files, uappnd and sappnd.
> This should allow syslog to continue to write to the files correct?
> 
> For instance:
> 
> -rw-r--r--  1 root  bin    uappnd,sappnd  6581 Nov  3 01:15 sec-log
> 
> Is where my sshd connections are logged, although why it hasn't logged
> any since the 3rd im still working on. But the flags should still allow
> syslog to write to them correct?

I'm not sure that both flags are necessary.  It is my understanding that the
uappnd flag makes the file append only for non-root users (root can still
manipulate the file), while the sappnd flag stops even root from doing anything
other than appends.

I'm running at securelevel=2 on several of my servers.  I've flagged several
log files (lastlog, messages, wtmp) as schg.  With the exception of lastlog, 
all of these files appear to be updated correctly.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message