From owner-freebsd-security  Tue Nov 10 10:18:26 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA26029
          for freebsd-security-outgoing; Tue, 10 Nov 1998 10:18:26 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA26021
          for <freebsd-security@FreeBSD.ORG>; Tue, 10 Nov 1998 10:18:25 -0800 (PST)
          (envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id KAA28248;
	Tue, 10 Nov 1998 10:16:24 -0800 (PST)
Message-ID: <19981110101623.A27769@best.com>
Date: Tue, 10 Nov 1998 10:16:23 -0800
From: "Jan B. Koum " <jkb@best.com>
To: Keith Stevenson <k.stevenson@louisville.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: chflags on log files question
References: <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net> <19981110084411.B13216@homer.louisville.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19981110084411.B13216@homer.louisville.edu>; from Keith Stevenson on Tue, Nov 10, 1998 at 08:44:11AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Nov 10, 1998 at 08:44:11AM -0500, Keith Stevenson <k.stevenson@louisville.edu> wrote:
> On Tue, Nov 10, 1998 at 07:32:28AM -0500, Open Systems Networking wrote:
> > 
> > Ok I setup a firewall box running with secure level 3.
> > And added the following flags to /var/log files, uappnd and sappnd.
> > This should allow syslog to continue to write to the files correct?
> > 
> > For instance:
> > 
> > -rw-r--r--  1 root  bin    uappnd,sappnd  6581 Nov  3 01:15 sec-log
> > 
> > Is where my sshd connections are logged, although why it hasn't logged
> > any since the 3rd im still working on. But the flags should still allow
> > syslog to write to them correct?
> 
> I'm not sure that both flags are necessary.  It is my understanding that the
> uappnd flag makes the file append only for non-root users (root can still
> manipulate the file), while the sappnd flag stops even root from doing anything
> other than appends.
> 
> I'm running at securelevel=2 on several of my servers.  I've flagged several
> log files (lastlog, messages, wtmp) as schg.  With the exception of lastlog, 
> all of these files appear to be updated correctly.
> 

	With securelevel of 3 one can not change ipfw rules. Which is why
	that is a better level for firewall then 2 :)

-- Yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message