
Re: Followup: Syslog




 On Fri, Apr 13, in a moment of deep inspiration,
 Micah Anderson wrote regarding " Re: Followup: Syslog ":


> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to make the log files in /var/log chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up tracks. This isn't the biggest security trick because all it does is
> make it so that if you don't know about chattr then you can't install a trojan. If

It's indeed *too* trivial.
I'd suggest using LIDS for such things.
For those who don't know it, it's a kernel patch which adds capabilities
support. It makes it impossible to delete logs because in order to disable
"append only" you would have to reboot with a kernel without LIDS, but LIDS forbids
rebooting unless the admin is logged in from a local console.


-- 
Luca Gibelli (l.gibelli@oltrelinux.com || luca@azzurranet.org)
PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8  8924 6341 3B07 C2F3 9102
PGP Key Available on: Key Servers || http://gibelli.oltrelinux.com/gibelli.asc

BOFH excuse 208:
 Traffic jam on the Information Superhighway.

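The chattr +a trick discussed above, as an added example that is not part of the original thread: a small POSIX sh script that audits a directory for log files missing the append-only attribute (by parsing lsattr output) and, when run as root on an ext2/3/4 filesystem, demonstrates that an append-only file accepts appends but refuses truncation and unlink. The sample lsattr lines are constructed for the example; the function names, the --audit/--demo options and the scratch path /var/tmp/chattr-demo.log are assumptions of this example, not anything from the list posting. The caveat the thread hints at also holds here: clearing the flag only needs CAP_LINUX_IMMUTABLE, which ordinary root has unless a kernel hardening patch such as LIDS takes it away, so +a slows an intruder down rather than stopping one.

```shell
#!/bin/sh
# Added example, not code from the thread: audit /var/log for files that
# are not append-only, and optionally show the chattr +a behaviour as root.
# Needs lsattr/chattr from e2fsprogs and an ext2/3/4 filesystem.

# Constructed sample of "lsattr" output (flags field, space, path); the
# 'a' in the flags field means append-only. Used for offline testing.
SAMPLE_LSATTR='-----a--------e------- /var/log/auth.log
--------------e------- /var/log/syslog
--------------e------- /var/log/messages
-----a--------e------- /var/log/kern.log'

# Read lsattr-style lines on stdin and print the paths whose flags field
# lacks the 'a' (append-only) attribute.
files_missing_append_only() {
    while read -r flags path; do
        [ -z "$path" ] && continue
        case "$flags" in
            *a*) ;;                       # append-only already set
            *)   printf '%s\n' "$path" ;; # report it
        esac
    done
}

# Same input on stdin; print only the number of files lacking +a.
count_missing_append_only() {
    files_missing_append_only | wc -l | tr -d ' '
}

# Live audit of a directory tree (default /var/log). Works unprivileged on
# files you can read; lsattr errors (e.g. non-ext filesystems) are dropped.
audit_dir() {
    find "${1:-/var/log}" -type f -exec lsattr {} + 2>/dev/null | files_missing_append_only
}

# Root-only demonstration on a scratch file (assumed path, not from the
# thread): appends succeed, while truncate and unlink get EPERM.
demo_append_only() {
    f="${1:-/var/tmp/chattr-demo.log}"
    echo "line 1" > "$f"
    chattr +a "$f" || { echo "chattr +a failed (need root and an ext* fs)"; return 1; }
    echo "line 2" >> "$f"                        # allowed: O_APPEND write
    if : > "$f" 2>/dev/null; then
        echo "BUG: truncate succeeded"
    else
        echo "truncate refused (expected)"
    fi
    if rm -f "$f" 2>/dev/null; then
        echo "BUG: unlink succeeded"
    else
        echo "unlink refused (expected)"
    fi
    lsattr "$f"
    chattr -a "$f" && rm -f "$f"                 # cleanup needs CAP_LINUX_IMMUTABLE too
}

# Usage:  sh logattr.sh --audit [dir]    (any user, lists files lacking +a)
#         sh logattr.sh --demo [file]    (root only, shows the enforcement)
case "${1:-}" in
    --audit) audit_dir "${2:-/var/log}" ;;
    --demo)  demo_append_only "${2:-}" ;;
esac
```

The audit mode is the check worth scripting into a cron job: a file under /var/log that has lost its 'a' flag (and is not a freshly rotated one) is exactly the kind of change an intruder covering tracks would make.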