secure UNIX log server
From: fanny (fannysaunders@yahoo.com)Date: 05/28/02
- Next message: Richard L. Hamilton: "Re: secure UNIX log server"
- Previous message: Jason Baugher: "Re: what ports does sendmail /popper use?"
- Next in thread: Richard L. Hamilton: "Re: secure UNIX log server"
- Reply: Richard L. Hamilton: "Re: secure UNIX log server"
- Reply: Trueblood: "Re: secure UNIX log server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: fannysaunders@yahoo.com (fanny) Date: 28 May 2002 10:57:38 -0700
I am defining policy and procedures for my company to collect, store
and review UNIX logs. We are storing them a seperate UNIX "log
server" and locally on servers. The log server is physcially secured
and limited in who can log in but I am still concerned that the logs
could be erased by someone who compromised the root account or by a
UNIX administrators authorized to use the root acount.
The only answer I have come up with is to take root away from the UNIX
administrators on the log server and give it to the Security team.
Then UNIX admins have root on individuals servers but not on the log.
Politically, taking root away from the UNIX admins, even on one
server, could be impossible. I could have all logs sent to a Windows
2000 server instead. Do I have any other alternatives? Are there any
security engineers out there who have come up with a good solution to
this problem? thanks in advance,
Fanny
- Next message: Richard L. Hamilton: "Re: secure UNIX log server"
- Previous message: Jason Baugher: "Re: what ports does sendmail /popper use?"
- Next in thread: Richard L. Hamilton: "Re: secure UNIX log server"
- Reply: Richard L. Hamilton: "Re: secure UNIX log server"
- Reply: Trueblood: "Re: secure UNIX log server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
