Date: Sun, 10 Feb 2002 18:16:00 -0500
From: Bill Vermillion <bv@wjv.com>
To: security@FreeBSD.ORG
Subject: Re: Is the technique described in this article do-able with
Message-ID: <20020210231559.GA2136@wjv.com>
In-Reply-To: <bulk.23000.20020210130919@hub.freebsd.org>
References: <bulk.23000.20020210130919@hub.freebsd.org>

> Date: Sat, 9 Feb 2002 01:31:08 -0800 (PST)
> From: "f.johan.beisser" <jan@caustic.org>
> Subject: Re: Is the technique described in this article do-able with
>
> On Sat, 9 Feb 2002, Andrew Kenneth Milton wrote:
> > | actually, if you're going that route, it's easier to strip
> > | the kernel down, lock everything nicely with a securelevel
> > | (read up in init(8) about this), and remount all of the drives
> > | read only. there's nothing preventing anyone from doing that.
> > | there's also nothing to prevent you from booting from a drive,
> > | and loading all the tools you need in to a ramdisk, and just
> > | using that..
> > | of course, this is going a bit more hardcore than most people
> > | want or would.
> > But saner than trying to get the box to partially halt d8)
> perhaps. i think it's a sane way to handle a firewall. if you're
> going to log it, you should be logging either to another machine
> or to a printer for hardcopy. better to do both, since the
> hardcopy is not really alterable. but this is not something for
> the home user..

Hardcopy is fairly hard to search with a text editor though :-)

If you worry about the logs being alterable - and you did suggest
logging to a second machine - then you have a real problem with
security I'd guess.

You could always run chflags on the logging machine to make the
logs append only. Wouldn't that take care of the problem of being
alterable without having to use hardcopy?

--
Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020210231559.GA2136>
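
An added example, not part of the original message or thread: a check for the log host that combines the two ideas above, the append-only file flag set with chflags and the securelevel described in init(8). It reads `ls -lo` output (flags in column 5) and reports whether each log is actually protected; the function name, verdict labels and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# A log is only tamper-resistant when it carries the *system* append-only
# flag (set with: chflags sappnd <file>) AND kern.securelevel is >= 1,
# because at securelevel <= 0 root can simply clear the flag again.
# The user append-only flag (uappnd) can be cleared by the owner or root
# at any securelevel, so it is reported as weak.

# audit_logs SECURELEVEL  -- reads FreeBSD `ls -lo` lines on stdin
audit_logs() {
    awk -v sl="$1" '
    NF >= 10 {
        n = split($5, flags, ",")      # column 5: comma-separated file flags
        sys = 0; usr = 0
        for (i = 1; i <= n; i++) {
            if (flags[i] == "sappnd") sys = 1
            if (flags[i] == "uappnd") usr = 1
        }
        if (sys && (sl + 0) >= 1) verdict = "LOCKED"
        else if (sys)             verdict = "WEAK-securelevel"
        else if (usr)             verdict = "WEAK-uappnd"
        else                      verdict = "ALTERABLE"
        print verdict, $10             # column 10: file name
    }'
}

# Constructed sample of `ls -lo /var/log/*` output (not real host data)
sample_listing() {
cat <<'EOF'
-rw-r--r--  1 root  wheel  sappnd        48211 Feb 10 18:00 /var/log/messages
-rw-------  1 root  wheel  uappnd,nodump  9120 Feb 10 18:00 /var/log/auth.log
-rw-r--r--  1 root  wheel  -              3310 Feb 10 18:00 /var/log/security
EOF
}

# Run against the sample as if the host were at securelevel 1
sample_listing | audit_logs 1
```

On a real log host the input would be `ls -lo /var/log/*` and the argument `sysctl -n kern.securelevel`. Files flagged sappnd cannot be renamed or truncated, so log rotation on that host has to be planned around the flag.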