Date:      Tue, 24 Oct 2023 10:45:40 -0700
From:      Cy Schubert <Cy.Schubert@cschubert.com>
To:        void <void@f-m.fm>
Cc:        freebsd-security@freebsd.org
Subject:   Re: securelevel 1
Message-ID:  <20231024174540.1936912D@slippy.cwsent.com>
In-Reply-To: <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>
References:  <ZTeaGFZjvcsKfbOW@int21h> <6638DADD-FCDB-492C-B1E8-441C6622038B@FreeBSD.org> <663fd243-94ec-40c1-ac66-ca8e3d5f278d@quip.cz> <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>

In message <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>, void writes:
> On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote:
>
> > root@neon ~/ # find -s -x / -flags +schg,sappnd
> > /.sujournal
> > /lib/libc.so.7
> > /lib/libcrypt.so.5
> > /lib/libthr.so.3
> > /libexec/ld-elf.so.1
> > /libexec/ld-elf32.so.1
> > /sbin/init
> > /usr/bin/chpass
> > /usr/bin/crontab
> > /usr/bin/login
> > /usr/bin/opieinfo
> > /usr/bin/opiepasswd
> > /usr/bin/passwd
> > /usr/bin/su
> > /usr/lib/librt.so.1
> > /usr/lib32/libc.so.7
> > /usr/lib32/libcrypt.so.5
> > /usr/lib32/librt.so.1
> > /usr/lib32/libthr.so.3
> > /var/empty
> >
> > Log files are not protected.
>
> Thanks for explaining.
>
> The reason for setting the securelevel to 1 would be so that the log files can't
> be modified/deleted. So I'm glad you explained that because I didn't twig
> the securelevel only disallows changing flags and the log files weren't protected.
>
> In order to accomplish what I'd like, I understand that I'd need to set +schg
> on the individual logs, then set the securelevel afterwards and reboot.
>
> But if this is done, it seems there's no way (at least directly) for the log
> file to be rotated?
>

What a lot of large enterprises do is send logs off machine. A *.* log to 
@IP or an agent does the same thing. The remote logging server also has 
software to allow one to search the logs for a machine or multiple machines 
allowing one to correlate messages across the network.

For server admins logging into each server individually, correlating logs 
can be time consuming and a little challenging as one must keep a lot of 
information in mind when working with multiple machines. But with logs sent 
to a single server a person can use software designed to correlate logs.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0
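The two checks this thread turns on, written up as an added example (this is not Cy's script or anything shipped with FreeBSD): whether syslog.conf forwards everything off-host with a `*.* @host` action, and which log files are still absent from the `find -s -x / -flags +schg,sappnd` listing and so gain nothing from securelevel 1. The syslog.conf excerpt, the flagged-file list and the host name `loghost.example.net` are constructed placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: audit off-host log forwarding and
# which local logs still lack the schg/sappnd flags. All inputs below are
# constructed samples; loghost.example.net is a placeholder host.

# Print the target of every "*.*" selector whose action forwards to another
# host (a syslog.conf action beginning with "@"). Reads the conf on stdin.
remote_forwarding_targets() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }         # skip blank lines and comments
        $1 == "*.*" && $2 ~ /^@/ { print $2 } # catch-all selector, remote action
    '
}

# Exit 0 if the conf on stdin has at least one off-host catch-all target.
has_remote_forwarding() {
    [ -n "$(remote_forwarding_targets)" ]
}

# Usage: unflagged_paths FLAGGED_LIST path...
# FLAGGED_LIST is a file holding the output of
#   find -s -x / -flags +schg,sappnd
# Prints each given path that is not in that list, i.e. neither immutable
# nor append-only, and therefore not protected once securelevel is raised.
unflagged_paths() {
    flagged=$1
    shift
    for p in "$@"; do
        grep -qxF -- "$p" "$flagged" || printf '%s\n' "$p"
    done
}

# --- demo on constructed data -------------------------------------------

conf_sample='# constructed /etc/syslog.conf excerpt
*.err;kern.warning;auth.notice;mail.crit    /dev/console
*.notice;authpriv.none;kern.debug;mail.crit /var/log/messages
security.*                                  /var/log/security
*.*                                         @loghost.example.net'

# Constructed stand-in for the find output quoted earlier in the thread.
flagged_sample=$(mktemp)
cat >"$flagged_sample" <<'EOF'
/sbin/init
/usr/bin/passwd
/usr/bin/su
/var/log/security
EOF

if printf '%s\n' "$conf_sample" | has_remote_forwarding; then
    echo "off-host forwarding: $(printf '%s\n' "$conf_sample" | remote_forwarding_targets)"
else
    echo "off-host forwarding: none (logs live only on this machine)"
fi

echo "logs without schg/sappnd:"
unflagged_paths "$flagged_sample" /var/log/messages /var/log/security /var/log/auth.log
rm -f "$flagged_sample"
```

Run it as-is to see the demo output, or feed it the real files: `remote_forwarding_targets < /etc/syslog.conf` and `find -s -x / -flags +schg,sappnd > /tmp/flagged` followed by `unflagged_paths /tmp/flagged /var/log/*`. A host with nothing printed by the first function keeps its only copy of every log on the machine being logged, which is the situation the reply argues against.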




