From: Jan Münther
Date: Tue, 15 Jan 2008 01:17:57 +0100
To: Tim Clewlow
Cc: Dan Lukes, freebsd security
Subject: Re: Anti-Rootkit app
Message-ID: <478BFBB5.7000100@nruns.com>
In-Reply-To: <965729.35921.qm@web50310.mail.re2.yahoo.com>

Tim Clewlow wrote:
>
> One solution would be to have /var/log/auth.log being tailed out via a serial
> port to another computer that is not accessible via a network - or have it sent
> to a printer for a permanent hard-copy. It all depends on how much you really
> want to do in regard to security.
>

A good practice is running a log host which has a cable that has only RX wires connected.

Cheers, Jan

-- 
Jan Muenther, CTO Security, n.runs AG