Date: Thu, 10 Dec 1998 16:18:43 -0600 From: William McVey <wam@sa.fedex.com> To: James Wyatt <jwyatt@rwsystr.rwsystems.net> Cc: Jim Yuill <jjyuill@eos.ncsu.edu>, FREEBSD-SECURITY@FreeBSD.ORG, ksb@sa.fedex.com Subject: Re: append-only devices for logging Message-ID: <199812102218.QAA09114@s07.sa.fedex.com>
next in thread | raw e-mail | index | archive | help
> I've been looking for an append-only device for logging, which a remote > hacker (with root access) can not erase or alter. Other than a > line-printer, are there any such devices that actually work with Unix? I highly recommend syslogging to a serial device connected to seperate machine running the console server package available at: ftp://ftp.physics.purdue.edu/pub/pundits/conserver-7.4.tgz (There is a precompiled version of this application in the PORTS collection; however, it is outdated). The conserver package can be configured to do lots of stuff. It is typically used to manage serial interfaces for "headless" console access to a Unix box, but if the conserver is connected to a host which is logging to its serial device, you get what you want. The conserver logs all input it sees to logfiles local to the conserver (which wouldn't be available to the machine being monitored). -- William To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812102218.QAA09114>