Re: Is the technique described in this article do-able with
From: Crist J. Clark (cjc@FreeBSD.ORG)
Date: 02/11/02
- Next message: Ceri Storey: "Re: Is the technique described in this article do-able with FreeBSD + ipf?"
- Previous message: Bill Vermillion: "Re: Is the technique described in this article do-able with"
- Maybe in reply to: Brett Glass: "Is the technique described in this article do-able with"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 10 Feb 2002 22:10:29 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: "f.johan.beisser" <jan@caustic.org>
On Sun, Feb 10, 2002 at 07:18:31PM -0800, f.johan.beisser wrote:
> On Sun, 10 Feb 2002, Bill Vermillion wrote:
>
> > Hardcopy is fairly hard to search with a text editor though :-)
>
> 2 copies. one electronic, so you can do a grep on it :)
>
> > If you worry about the logs being alterable - and you did suggest
> > logging to a second machine - then you have a real problem with
> > security I'd guess. You could always run chflags on the logging
> > machine to make the logs append only. Wouldn't that take care
> > of the problem of being alterable without having to use hardcopy?
>
> not really. you can change chflags on a live machine.
How do you do it when there is an elevated securelevel(8)?
-- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Ceri Storey: "Re: Is the technique described in this article do-able with FreeBSD + ipf?"
- Previous message: Bill Vermillion: "Re: Is the technique described in this article do-able with"
- Maybe in reply to: Brett Glass: "Is the technique described in this article do-able with"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
