Date: Mon, 28 Jul 1997 12:04:52 -0400 (EDT) From: Adam Shostack <adam@homeport.org> To: rgrimes@GndRsh.aac.dev.com (Rodney W. Grimes) Cc: adam@homeport.org, dholland@eecs.harvard.edu, robert@cyrus.watson.org, security@FreeBSD.ORG Subject: Re: secure logging (was: Re: security hole in FreeBSD) Message-ID: <199707281604.MAA04611@homeport.org> In-Reply-To: <199707281555.IAA17841@GndRsh.aac.dev.com> from "Rodney W. Grimes" at "Jul 28, 97 08:55:23 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Rodney W. Grimes wrote: | > Reliability: The system must make substantial efforts to not | > lose information. | > | > Network Requirements | > TCP based | > Application sequencing with explicit ack before sender deletes | | How are you going to handle the log server going away and coming back?? The client will have to queue messages. Its possible that TCP message queueing will handle this, its also possible that the application will need some retransmit smarts, which would be unfortunate, since it adds a good deal of complexity. Should there be a capability for multiple log servers (like mail?) | > Application Reliability | > NO data discarding | > Solid message handling locally-messages kept until discard | > Repeated message management (?) | > | > Portability | > External Alerting | > External Intrusion Detection linking | | Security: The data over the network must be unreadable | unless a secret is known. Syslog data can contain | confidential information. Is confidentiality or authenticity important? For my purposes, its authentication. Should we simply allow the use of IPsec or SSH port forwarding for confidentiality and authentication? It cuts complexity substantially. | How about just converting syslog/syslogd to handle a kerberized | t/tcp connection?? Syslog still discards data when its local daemon cache gets too full. It discards data when forwarding messages from host a via host B to host C. (Yes, real case.) It loses priority and type when putting messages into files Not that kerberizing a TCP based syslog would be bad, I just don't think its sufficient. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707281604.MAA04611>