Date:      Mon, 12 Jul 2010 16:41:05 -0700
From:      Xin LI <delphij@delphij.net>
To:        Fernan Aguero <fernan.aguero@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: disable (new)syslog rotation and raise securelevel ... possible?
Message-ID:  <4C3BA811.1000108@delphij.net>
In-Reply-To: <AANLkTim1YqSOu5i_5TPZ57OvNBLBYu8wc7adJBX1urTF@mail.gmail.com>


On 2010/07/12 11:04, Fernan Aguero wrote:
> Hi,
> 
> I'd like to harden my FreeBSD installation, and thus would like to, e.g.
> 
> i) chflags sappnd /var/log/*
> ii) raise the securelevel of the system
> 
> Is this possible? I've read elsewhere that newsyslog would not work in
> such a system ... what are the possible workarounds?
> 
> I wouldn't bother taking the system down once a week or every other
> week, and manually lowering the securelevel, running newsyslog, etc.
> Is there a guide somewhere on how to go about this?

Speaking to your question, disabling newsyslog can be done by removing
the corresponding line in your /etc/crontab.

However, the use of system flags is usually dangerous; I don't really
consider them very useful mechanisms for hardening your installation.
Logging remotely to a dedicated and secured central logging server
could be a better alternative (as long as you have control of your
internal network), since the attacker has to take down two systems, rather
than one, in order to erase their footprints.

Cheers,
- -- 
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!	       Live free or die

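An added example, not part of the original message: a small audit of the two settings discussed in the reply above, namely whether newsyslog is still scheduled in the system crontab and whether syslog.conf forwards to a remote host. It assumes the FreeBSD system crontab layout (with a user column) and the syslog.conf convention that an action starting with "@" names a remote log host; the function names, the sample files and loghost.example.org are constructed for illustration.

```shell
#!/bin/sh
# Print active (non-comment) system-crontab lines whose command is newsyslog.
# Field 7 is the command because the system crontab has a "who" column.
newsyslog_cron_lines() {
    awk '!/^[ \t]*#/ && NF >= 7 {
        n = split($7, p, "/")
        if (p[n] == "newsyslog") print
    }' "$1"
}

# Print the remote hosts that syslog.conf forwards to (action "@host").
remote_log_targets() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ {
        print substr($NF, 2)
    }' "$1" | sort -u
}

# Return 0 only if local rotation is off and logs are also sent off-host.
audit_logging() {
    cron=$1 conf=$2 rc=0
    if [ -n "$(newsyslog_cron_lines "$cron")" ]; then
        echo "newsyslog still scheduled in $cron"; rc=1
    fi
    hosts=$(remote_log_targets "$conf")
    if [ -z "$hosts" ]; then
        echo "no remote log host in $conf"; rc=1
    else
        echo "forwarding to: $(echo $hosts)"
    fi
    return $rc
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
printf '%s\n' 'SHELL=/bin/sh' '#0 * * * * root newsyslog' \
    '*/5 * * * * root /usr/libexec/atrun' > "$tmp/crontab.off"
printf '%s\n' '0 * * * * root /usr/sbin/newsyslog' > "$tmp/crontab.on"
printf '%s\n' '*.err /var/log/messages' '#*.* @loghost' \
    '*.* @loghost.example.org' > "$tmp/syslog.conf"

audit_logging "$tmp/crontab.off" "$tmp/syslog.conf"
audit_logging "$tmp/crontab.on" "$tmp/syslog.conf" || echo "(second audit fails by design)"
```

On a real system the arguments would be /etc/crontab and /etc/syslog.conf.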