[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Followup: Syslog

--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <micah@riseup.net> hath wrote:

| One additional tweak which falls into line with the security setups, that
| I think is a good idea is to made the log files in /var/log to be chattr
| +a (append only) so logfiles cannot be modified or removed altogether to
| cover up tracks. This isn't the the biggest security trick because all it
| does is make it if you don't know about chattr then you can't install a
| trojan. If you've got root then removing the immutability flags is
| trivial, but only if you know how to, or even know they exist. But it has
| kept the lower-level admins at a site I work at from modifying the
| logfiles, which is against policy.

if you want a real way to do this (more than just obscuring what you've done) go get one of those old dot-matrix printers with fanfold paperfeed and dump your logs to it in addition to the one on drive. Keep it in a secured room.


Reply to: