Date: Mon, 11 Mar 2002 22:00:41 +0100
From: "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
To: freebsd-hackers@FreeBSD.ORG
Subject: RE: logging securelevel violations
Message-ID: <5.1.0.14.0.20020311220030.01c3ace0@mail.drwilco.net>
>I think this would be useful, but I would be concerned about the rate at
>which these messages could come when someone is actively attacking a system.
>Perhaps such messages could go through a rate limiter mechanism similar to
>that now used by the network interfaces.
syslogd already has a "last message repeated N times".

Also most things you do that are negated by securelevel you can only do as
root, so I don't see how someone without elevated privileges could fill up
your logs with these messages anyway. These audit messages could be a nice
way of finding out that someone has root when they shouldn't. And if root
is compromised you have bigger things to worry about than overflowing log
files.

I personally think this would be very useful. Maybe supply a sysctl for
turning on and off. And for the newbies in the house turn it on by default.
That way the "Why can't I get this to work?" caused by securelevel settings
would be answered a lot quicker.

I'm still a junior kernel hacker myself, but I'd say this would be a
perfect junior kernel hacker project.

Doc
