Date: Thu, 10 Dec 1998 12:33:20 -0600 (CST) From: James Wyatt <jwyatt@rwsystr.RWSystems.net> To: Jim Yuill <jjyuill@eos.ncsu.edu> Cc: FREEBSD-SECURITY@FreeBSD.ORG Subject: Re: append-only devices for logging Message-ID: <Pine.LNX.3.91.981210122506.24133A-100000@rwsystr.RWSystems.net> In-Reply-To: <3.0.5.32.19981209185323.0093dc90@pop-in.ncsu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Dec 1998, Jim Yuill wrote:
> I've been looking for an append-only device for logging, which a remote
> hacker (with root access) can not erase or alter. Other than a
> line-printer, are there any such devices that actually work with Unix?
>
> >From what I understand, a write-once CD has restricted writing capability
> that would make it unsuitable for logging.
We've configured a machine (at another customer's site) to write logs to
a serial port that a second machine sucks-up and writes to a hard drive.
It was just running ProComm+ for DOS in ASCII-file-download mode. Since
it was DOS, remote logins were not an issue.
Nowadays I would likely use a stripped-down FreeBSD box and cat (or
minicom) the serial port to a file. It *could* be configured with a small
web server (no CGI) to write the files to HTML-space for remote reading,
but disallow *any* other remote access.
I've also done something similar with PBX SMDR output to a LAN drive for
a custom (homebrew you get paid for 8{) call-accounting package. Hope
this helps someone - Jy@ (jwyatt@rwsystems.net)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.981210122506.24133A-100000>