Date:      Mon, 28 Jul 1997 08:55:23 -0700 (PDT)
From:      "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com>
To:        adam@homeport.org (Adam Shostack)
Cc:        dholland@eecs.harvard.edu, robert@cyrus.watson.org, security@FreeBSD.ORG
Subject:   Re: secure logging (was: Re: security hole in FreeBSD)
Message-ID:  <199707281555.IAA17841@GndRsh.aac.dev.com>
In-Reply-To: <199707281340.JAA03478@homeport.org> from Adam Shostack at "Jul 28, 97 09:40:14 am"

> | I don't know of any; if you run across one or are thinking about
> | designing one, please post or mail... absent any other readily
> | available secure mechanism probably the best bet is to carry log data
> | over ssh. Of course, this doesn't solve the denial of service issue as
> | anyone with a login can spam the local syslog.
> 
> I've been working on a draft set of requirements--very drafty, but
> since the subject came up, I'll share & ask for feedback.
> 
> 
> Requirements
> 
>       Reliability: The system must make substantial efforts to not
> 	lose information.  
> 
>             Network Requirements 
>             TCP based 
>             Application sequencing with explicit ack before sender deletes 

How are you going to handle the log server going away and coming back??

>             Application Reliability 
>             NO data discarding 
>             Solid message handling locally-messages kept until discard
>             Repeated message management (?) 
> 
>       Portability 
>       External Alerting 
>       External Intrusion Detection linking 

	Security: The data over the network must be unreadable
	unless a secret is known.  Syslog data can contain
	confidential information.

How about just converting syslog/syslogd to handle a kerberized
t/tcp connection??

-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.                   Reliable computers for FreeBSD
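
Added example, not part of the original message and not code from any syslog implementation: an in-memory model of the quoted requirement "application sequencing with explicit ack before sender deletes", covering the case raised in the reply where the log server goes away and comes back. The names `LogServer` and `Sender`, the cumulative-ack scheme and the `drop_next_ack` switch are assumptions made for illustration.

```python
class LogServer:
    """Constructed stand-in for the remote log host (hypothetical, for illustration)."""
    def __init__(self):
        self.stored = {}            # seq -> message, stands in for durable storage
        self.up = True
        self.drop_next_ack = False  # simulate dying after the write, before the ack

    def receive(self, seq, msg):
        if not self.up:
            raise ConnectionError("log server unreachable")
        self.stored.setdefault(seq, msg)   # a resent duplicate is not stored twice
        if self.drop_next_ack:
            self.drop_next_ack = False
            raise ConnectionError("connection lost before ack")
        acked = 0                          # cumulative ack: highest contiguous seq
        while acked + 1 in self.stored:
            acked += 1
        return acked


class Sender:
    """Local side: every message stays in the spool until explicitly acked."""
    def __init__(self, server):
        self.server = server
        self.next_seq = 1
        self.spool = {}                    # unacked messages, seq -> message

    def log(self, msg):
        self.spool[self.next_seq] = msg
        self.next_seq += 1
        return self.flush()

    def flush(self):
        for seq in sorted(self.spool):
            if seq not in self.spool:      # already covered by an earlier ack
                continue
            try:
                acked = self.server.receive(seq, self.spool[seq])
            except ConnectionError:
                return False               # nothing deleted; retry on reconnect
            for done in [s for s in self.spool if s <= acked]:
                del self.spool[done]
        return True
```

Because the sender deletes only on an ack, a server that wrote a record and then vanished receives that record again after it returns; the sequence number is what lets the server recognize the duplicate.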


