From owner-freebsd-security  Thu Dec 10 23:21:46 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA27864
          for freebsd-security-outgoing; Thu, 10 Dec 1998 23:21:46 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hillbilly.hayseed.net (dnai-207-181-249-194.dsl.dnai.com [207.181.249.194])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA27859
          for <FREEBSD-SECURITY@FreeBSD.ORG>; Thu, 10 Dec 1998 23:21:44 -0800 (PST)
          (envelope-from enkhyl@scient.com)
Received: from localhost (IDENT:root@localhost [127.0.0.1])
	by hillbilly.hayseed.net (8.9.1/8.8.5) with ESMTP id XAA10978;
	Thu, 10 Dec 1998 23:21:26 -0800
Date: Thu, 10 Dec 1998 23:21:31 -0800 (PST)
From: Christopher Nielsen <enkhyl@scient.com>
X-Sender: enkhyl@ender.sf.scient.com
Reply-To: Christopher Nielsen <cnielsen@pobox.com>
To: Jim Yuill <jjyuill@eos.ncsu.edu>
cc: FREEBSD-SECURITY@FreeBSD.ORG
Subject: Re: append-only devices for logging
In-Reply-To: <3.0.5.32.19981209194955.009414b0@pop-in.ncsu.edu>
Message-ID: <Pine.BSF.4.05.9812102317180.26931-100000@ender.sf.scient.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 9 Dec 1998, Jim Yuill wrote:

> >Subject: Re: append-only devices for logging
> >
> >At 06:53 PM 12/9/98 -0500, you wrote:
> >>I've been looking for an append-only device for logging, which a remote
> >>hacker (with root access) can not erase or alter.  Other than a
> >>line-printer, are there any such devices that actually work with Unix?  
> >
> >How about a serial line to a non-networked PC which just logs to a local
> >disk? We're going to be setting up something like this with a multiport
> >card to monitor a bunch of servers.
> >
> >
> 
> Will you use uucp to handle the serial comm?

Something akin to this was discussed on the cryptography mailing list
recently. The result was a suggestion of using xmodem over a serial line.
The response is below.

>I contend that an xmodem transfer of the file is as secure as a floppy
>disk transfer.  The truly paranoid would insert a PIC chip which
>enforces that only the xmodem protocol could transit the wire, and
>then in only one direction.


-- 
Christopher Nielsen
Scient: The eBusiness Systems Innovator
<http://www.scient.com>
cnielsen@scient.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message