Date:      Thu, 10 Dec 1998 09:53:19 +0000 (GMT)
From:      Jay Tribick <netadmin@fastnet.co.uk>
To:        "Jan B. Koum " <jkb@best.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: append-only devices for logging
Message-ID:  <Pine.BSF.4.05.9812100951220.9677-100000@bofh.fast.net.uk>
In-Reply-To: <19981210014711.A3541@best.com>


| > |  > I've been looking for an append-only device for logging, which a remote
| > |  > hacker (with root access) can not erase or alter.  Other than a
| > |  > line-printer, are there any such devices that actually work with Unix?  
| > | 
| > | <snip>
| > | which requires physical access to the console for single user mode
| > | operation.
| > 
| > True but if they have root then they can quite easily alter /etc/rc.local
| > (or wherever you're using to run sysctl) so that it doesn't alter the
| > securelevel and then just reboot the machine. Their other option would be
| > to launch something like sshd and then boot the system down to single user
| > mode[1].
| > 
| > [1] probably won't work, haven't woken up yet..

| 	Well.. one should in theory notice their security critical
| 	box reboot and do some further investigation...

So your security standpoint is "Oh, look.. the uptime's only a couple of
hours"[1] ? :)

[1] doesn't apply to NT sysadmins ;)

Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[|   +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk   |]
