Date:      Tue, 10 Nov 1998 08:44:11 -0500
From:      Keith Stevenson <k.stevenson@louisville.edu>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: chflags on log files question
Message-ID:  <19981110084411.B13216@homer.louisville.edu>
In-Reply-To: <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net>; from Open Systems Networking on Tue, Nov 10, 1998 at 07:32:28AM -0500
References:  <Pine.BSF.4.02.9811100729220.14486-100000@orion.webspan.net>

On Tue, Nov 10, 1998 at 07:32:28AM -0500, Open Systems Networking wrote:
> 
> OK, I set up a firewall box running with secure level 3.
> And added the following flags to /var/log files, uappnd and sappnd.
> This should allow syslog to continue to write to the files, correct?
> 
> For instance:
> 
> -rw-r--r--  1 root  bin    uappnd,sappnd  6581 Nov  3 01:15 sec-log
> 
> Is where my sshd connections are logged, although why it hasn't logged
> any since the 3rd I'm still working on. But the flags should still allow
> syslog to write to them, correct?

I'm not sure that both flags are necessary.  It is my understanding that the
uappnd flag makes the file append only for non-root users (root can still
manipulate the file), while the sappnd flag stops even root from doing anything
other than appends.

I'm running at securelevel=2 on several of my servers.  I've flagged several
log files (lastlog, messages, wtmp) as schg.  With the exception of lastlog, 
all of these files appear to be updated correctly.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint =  4B 29 A8 95 A8 82 EA A2  29 CE 68 DE FC EE B6 A0
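
Added example, not part of the original message or of FreeBSD itself: a Python sketch that parses `ls -lo` lines like the one quoted above and reports, following the flag descriptions in chflags(1) and chflags(2), whether each file is append-only or immutable and whether the flag can still be cleared at a given securelevel. The function names and every sample line except the first are constructed for illustration.

```python
# Added example: classify FreeBSD file flags as shown by `ls -lo`.
# Flag names and meanings follow chflags(1)/chflags(2).
APPEND_ONLY = {"sappnd", "sappend", "uappnd", "uappend"}
IMMUTABLE = {"schg", "schange", "simmutable", "uchg", "uchange", "uimmutable"}
SYSTEM = {"sappnd", "sappend", "schg", "schange", "simmutable"}

# First line is the one quoted in the message; the others are constructed.
SAMPLE = """\
-rw-r--r--  1 root  bin    uappnd,sappnd  6581 Nov  3 01:15 sec-log
-rw-r--r--  1 root  wheel  uappnd         1024 Nov  3 01:15 auth-log
-rw-r--r--  1 root  wheel  schg           2048 Nov  3 01:15 messages
-rw-r--r--  1 root  wheel  -               512 Nov  3 01:15 cron
"""

def parse_ls_lo(line):
    """Return (name, flags) from one `ls -lo` line for a regular file."""
    fields = line.split()
    # mode links owner group flags size month day time-or-year name...
    if len(fields) < 10:
        raise ValueError("not an `ls -lo` line: %r" % line)
    flags = set() if fields[4] == "-" else set(fields[4].split(","))
    return " ".join(fields[9:]), flags

def assess(flags, securelevel):
    """Return (write_mode, locked) for a flag set at a given securelevel."""
    if flags & IMMUTABLE:
        mode = "immutable"      # documented as: the file may not be changed
    elif flags & APPEND_ONLY:
        mode = "append-only"    # documented as: the file may only be appended to
    else:
        mode = "unrestricted"
    # System flags can only be cleared while securelevel <= 0; user flags
    # can be cleared by the owner or root at any securelevel.
    locked = bool(flags & SYSTEM) and securelevel > 0
    return mode, locked

def audit(listing, securelevel):
    """Map each file name in an `ls -lo` listing to its assessment."""
    return {name: assess(flags, securelevel)
            for name, flags in map(parse_ls_lo, listing.splitlines())}

if __name__ == "__main__":
    for name, (mode, locked) in audit(SAMPLE, 3).items():
        print("%-10s %-12s %s" % (name, mode, "locked" if locked else "clearable"))
```

A file that carries only a user flag such as uappnd is reported as clearable at every securelevel, because the owner or root can remove user flags.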
