From owner-freebsd-questions Wed Jan 2 7:37:42 2002 Delivered-To: freebsd-questions@freebsd.org Received: from lurza.secnetix.de (lurza.secnetix.de [212.66.1.130]) by hub.freebsd.org (Postfix) with ESMTP id 2C76237B416 for ; Wed, 2 Jan 2002 07:37:39 -0800 (PST) Received: (from olli@localhost) by lurza.secnetix.de (8.11.6/8.11.6) id g02Fbj658803; Wed, 2 Jan 2002 16:37:45 +0100 (CET) (envelope-from oliver.fromme@secnetix.de) Date: Wed, 2 Jan 2002 16:37:45 +0100 (CET) Message-Id: <200201021537.g02Fbj658803@lurza.secnetix.de> From: Oliver Fromme To: freebsd-questions@FreeBSD.ORG Reply-To: freebsd-questions@FreeBSD.ORG Subject: Re: MOTD -- Warning banners In-Reply-To: X-Newsgroups: list.freebsd-questions User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.4-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jan Grant wrote: > On Wed, 2 Jan 2002, Cliff Sarginson wrote: > > Any way if he does > > # cd / > > # rm -rf * > > > > Recording it isn't going to be much of a comfort. > > That's what securelevels (and/or remote loghosts) are for. Furthermore, you can also log to a remote system, so the attacker would have to find and hack that one, too, in order to remove all traces. Finally, if you're _really_ paranoid, you can copy syslog onto a hardcopy printer. One of those fast dotpin line printers, so you can easily detect a DoS attack by the increased noise level. ;-) Regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Oettingenstr. 2, 80538 München Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "All that we see or seem is just a dream within a dream" (E. A. Poe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message