Date: Sun, 21 Jan 2001 03:00:05 -0800 (PST) From: Andrea Campi <andrea@webcom.it> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/24444: syslogd(8) does not update hostname Message-ID: <200101211100.f0LB05D26016@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/24444; it has been noted by GNATS.
From: Andrea Campi <andrea@webcom.it>
To: Dag-Erling Smorgrav <des@ofug.org>
Cc: cjclark@alum.mit.edu, FreeBSD-gnats-submit@FreeBSD.ORG,
current@FreeBSD.ORG
Subject: Re: bin/24444: syslogd(8) does not update hostname
Date: Sun, 21 Jan 2001 11:51:22 +0100
> the hostname, one being a syscall and the other being a sysctl. One
> could of course have the kernel print a message to the console about
> it, syslogd(8) would pick that up.
Yes, I was about to propose this, but then I thought: why? If we go this way,
then we should definitely also log an IP address change, maybe even our default
router change MAC address... why not even hardware changes since last reboot?
Working in a security job, I can understand worries about important events
going unnoticed. But doing this in kernel is IMHO overkill, maybe it could be
interesting for TrustetBSD, but not in the normal kernel; at least, it should
be configurable at both compile time and runtime (high securelevel and/or a
sysctl).
The Right Way (tm) to do this is to use (or write) an host intrusion detection
system.
Having said this, the proposed patch looks fine to me and I think it should be
committed.
Bye,
Andrea
--
Speak softly and carry a cellular phone.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200101211100.f0LB05D26016>