Date:      Tue, 19 Dec 2000 15:17:53 -0500 (EST)
From:      Rob Simmons <rsimmons@wlcg.com>
To:        "Victor R. Cardona" <vcardona@home.com>
Cc:        admin <admin@pacex.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: Securing FreeBSD against hacking
Message-ID:  <Pine.BSF.4.21.0012191512210.61532-100000@mail.wlcg.com>
In-Reply-To: <3A3FBBCA.9080808@home.com>

One of the best ways to set up a syslog machine is to not have it on the
network and have it listening on its serial port, which is connected to the
serial port of the machine that is sending the log messages.  This is
almost impervious to tampering short of someone breaking into your server
room.  You may even want to set the append-only flags on the syslogs on
that machine.  The only major drawback to this configuration is that you will
have to check the logs from the console of the syslog machine, so you may
want to set up the machine that the logs are coming from to log locally as
well as sending the log messages out the serial port to the other machine,
basically using the syslog machine as an emergency backup.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Tue, 19 Dec 2000, Victor R. Cardona wrote:

> admin wrote:
> 
> > 1.  How do I set up a dedicated machine to collect data and connection 
> > attempts to my machines
> 
> I'm not sure if this is what you have in mind, but you could set up 
> syslog to log to a remote machine.
> 
> > 2. How to implement a notification system to alert when critical files 
> > on the server have been tampered with.
> 
> A combination of syslog and tripwire might work here. I have never tried 
> it myself.
> 
> > 3. How to find out if my machines are REALLY CLEAN (some sort of software 
> > auditing to determine if what is already in the machines is a good 
> > benchmark for future security audits)
> 
> Tripwire is a file auditing utility. Unfortunately, for it to be 
> effective, you must know that your system is clean. The only way to be 
> 100% sure would be to run it after a fresh install from protected media, 
> and before any network connection is made.
> 
> Victor Cardona
> vcardona@home.com
> 
> 
> 
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
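The serial-line log sink that Rob describes, together with the append-only hardening and the "check it from the sink" workflow, as an added example that is not part of the original thread or of FreeBSD's own scripts. Assumptions: /dev/cuaa0 is the FreeBSD 4.x dial-out serial device on both hosts, the paths under /var/log are illustrative, and when run without hardware a named pipe stands in for the serial line so the receiver loop can be exercised offline with constructed messages.

```shell
#!/bin/sh
# Added example: one-way serial syslog sink plus append-only hardening.
# Assumed names: /dev/cuaa0 (FreeBSD 4.x serial device), /var/log/* paths.

SERIAL_DEV="${SERIAL_DEV:-/dev/cuaa0}"
SINK_LOG="${SINK_LOG:-/var/log/serial.log}"

# Sender side.  syslogd accepts a tty device as a file action (this is how
# /dev/console logging works), so the serial port becomes a second
# destination next to the local file, which keeps the local copy Rob
# suggests for day-to-day reading.  The line speed is fixed before syslogd
# starts; FreeBSD's stty selects a device with -f.
sender_config() {
    cat <<EOF
# /etc/syslog.conf on the monitored host (excerpt)
*.*     /var/log/all.log
*.*     $SERIAL_DEV
# /etc/rc.local on the monitored host: set the line speed before syslogd starts
stty -f $SERIAL_DEV 9600 raw
EOF
}

# Receiver side.  Read the serial line (a FIFO in the offline test) and
# append every message to the sink log with a receive timestamp, so a
# clock change on the compromised sender cannot reorder the sink's record.
# $1 = device or FIFO, $2 = sink log.  Returns when the line hits EOF.
serial_sink() {
    dev=$1
    log=$2
    while IFS= read -r line; do
        printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$line" >> "$log"
    done < "$dev"
}

# Hardening on the sink.  The system append-only flag (sappnd) only holds
# once kern.securelevel is 1 or higher: below that, root can simply run
# chflags nosappnd.  Printed rather than executed so the example runs on
# hosts without chflags; run these as root on the sink box.
hardening_commands() {
    cat <<EOF
chflags sappnd $SINK_LOG
# /etc/rc.conf on the sink (takes effect at next boot):
kern_securelevel_enable="YES"
kern_securelevel="1"
EOF
}

# Checking from the sink console: count messages matching a pattern.
# Comparing this with the same count on the sender's local log is the
# tamper check; entries present here but missing there were deleted.
count_matching() {
    grep -c -- "$2" "$1" || true
}
```

Note that an intruder who gets root on the sender can edit syslog.conf and stop the serial feed, so the sink only records events up to that point; the abrupt silence on the sink is itself the alert, and the sink's securelevel and flag settings mean nothing already written can be altered without physical access and a reboot to single-user mode.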
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012191512210.61532-100000>