Re: disable (new)syslog rotation and raise securelevel ... possible?



On 2010/07/12 11:04, Fernan Aguero wrote:
> Hi,
>
> I'd like to harden my FreeBSD installation, and thus would like to, e.g.
>
> i) chflags sappnd /var/log/*
> ii) raise the securelevel of the system
>
> Is this possible? I've read elsewhere that newsyslog would not work in
> such a system ... what are the possible workarounds?
>
> I wouldn't bother taking the system down once a week or every other
> week, and manually lowering the securelevel, running newsyslog, etc.
> Is there a guide somewhere on how to go about this?

Speaking to your question, disabling newsyslog can be done by removing
the corresponding line in your /etc/crontab.

However, the use of system flags is usually dangerous; I don't really
consider them very useful mechanisms for hardening your installation.
Logging remotely to a dedicated and secured central logging server
could be a better (as long as you have control of your internal network)
alternative, since the attacker has to take down two systems, rather
than one, in order to erase their footprints.

Cheers,
--
Xin LI <delphij@xxxxxxxxxxx> http://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
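
An added example, not part of the original message or any FreeBSD tool: a small sh audit for the two settings the reply names, whether newsyslog is still scheduled in a crontab and whether syslog.conf forwards to a remote host. The function names, the sample file contents and the host loghost.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: check the two settings the reply names.
# Paths are arguments so the checks can run against copies of the real files.

# True if an uncommented line in the given crontab still runs newsyslog.
newsyslog_scheduled() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[[:space:]/])newsyslog([[:space:]]|$)'
}

# Print each remote host that syslog.conf forwards to (action field "@host").
remote_loghosts() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@./ { print substr($NF, 2) }' "$1"
}

# Print a short report; return 0 only if rotation is off and logs leave the box.
audit_logging() {
    rc=0
    level=$(sysctl -n kern.securelevel 2>/dev/null || echo unknown)
    echo "kern.securelevel: $level"
    if newsyslog_scheduled "$1"; then
        echo "newsyslog is still scheduled in $1"
        rc=1
    fi
    hosts=$(remote_loghosts "$2")
    if [ -z "$hosts" ]; then
        echo "no remote log host configured in $2"
        rc=1
    else
        echo "forwarding to: $(echo $hosts)"
    fi
    return "$rc"
}

# Constructed samples standing in for /etc/crontab and /etc/syslog.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '# Rotate log files every hour' \
    '#0 * * * * root newsyslog' \
    '1 3 * * * root periodic daily' > "$demo_dir/crontab"
printf '%s\n' '*.err /var/log/messages' \
    '#*.* @oldhost.example.org' \
    '*.* @loghost.example.org' > "$demo_dir/syslog.conf"
audit_logging "$demo_dir/crontab" "$demo_dir/syslog.conf"
rm -rf "$demo_dir"
```

On a real host, call audit_logging /etc/crontab /etc/syslog.conf; the securelevel line prints "unknown" on systems without the kern.securelevel sysctl.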