From owner-freebsd-security Mon Jul 28 06:43:39 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id GAA06673 for security-outgoing; Mon, 28 Jul 1997 06:43:39 -0700 (PDT) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA06664 for ; Mon, 28 Jul 1997 06:43:32 -0700 (PDT) Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id JAA03478; Mon, 28 Jul 1997 09:40:15 -0400 (EDT) From: Adam Shostack Message-Id: <199707281340.JAA03478@homeport.org> Subject: Re: secure logging (was: Re: security hole in FreeBSD) In-Reply-To: <199707281312.JAA17812@burgundy.eecs.harvard.edu> from David Holland at "Jul 28, 97 09:12:37 am" To: dholland@eecs.harvard.edu (David Holland) Date: Mon, 28 Jul 1997 09:40:14 -0400 (EDT) Cc: robert@cyrus.watson.org, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk | I don't know of any; if you run across one or are thinking about | designing one, please post or mail... absent any other readily | available secure mechanism probably the best bet is to carry log data | over ssh. Of course, this doesn't solve the denial of service issue as | anyone with a login can spam the local syslog. I've been working on a draft set of requirements--very drafty, but since the subject came up, I'll share & ask for feedback. Requirements Reliability: The system must make substantial efforts to not lose information. Network Requirements TCP based Application sequencing with explicit ack before sender deletes Application Reliability NO data discarding Solid message handling locally-messages kept until discard Repeated message management (?) Portability External Alerting External Intrusion Detection linking -- "It is seldom that liberty of any kind is lost all at once." -Hume