Date: Tue, 10 Nov 1998 10:16:23 -0800 From: "Jan B. Koum " <jkb@best.com> To: Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG Subject: Re: chflags on log files question Message-ID: <19981110101623.A27769@best.com> In-Reply-To: <19981110084411.B13216@homer.louisville.edu>; from Keith Stevenson on Tue, Nov 10, 1998 at 08:44:11AM -0500 References: <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net> <19981110084411.B13216@homer.louisville.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 10, 1998 at 08:44:11AM -0500, Keith Stevenson <k.stevenson@louisville.edu> wrote: > On Tue, Nov 10, 1998 at 07:32:28AM -0500, Open Systems Networking wrote: > > > > Ok I setup a firewall box running with secure level 3. > > And added the following flags to /var/log files, uappnd and sappnd. > > This should allow syslog to continue to write to the files correct? > > > > For instance: > > > > -rw-r--r-- 1 root bin uappnd,sappnd 6581 Nov 3 01:15 sec-log > > > > Is where my sshd connections are logged, although why it hasn't logged > > any since the 3rd im still working on. But the flags should still allow > > syslog to write to them correct? > > I'm not sure that both flags are necessary. It is my understanding that the > uappnd flag makes the file append only for non-root users (root can still > manipulate the file), while the sappnd flag stops even root from doing anything > other than appends. > > I'm running at securelevel=2 on several of my servers. I've flagged several > log files (lastlog, messages, wtmp) as schg. With the exception of lastlog, > all of these files appear to be updated correctly. > With securelevel of 3 one can not change ipfw rules. Which is why that is a better level for firewall then 2 :) -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981110101623.A27769>