On Fri, Apr 13, in a moment of deep inspiration, Micah Anderson wrote regarding "Re: Followup: Syslog":

> One additional tweak which falls into line with the security setups, that I
> think is a good idea, is to make the log files in /var/log chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up tracks. This isn't the biggest security trick because all it does is
> make it so that if you don't know about chattr then you can't install a trojan. If

It's indeed *too* trivial. I'd suggest using LIDS for such things.

For those who don't know it, it's a kernel patch which adds capabilities support. It makes it impossible to delete logs 'cause in order to disable "append only" you would have to reboot with a kernel without LIDS, but LIDS forbids rebooting unless the admin is logged in from a local console.

-- 
Luca Gibelli (l.gibelli@oltrelinux.com || luca@azzurranet.org)
PGP Fingerprint: EC7C D6D2 D754 89F8 BDE8 8924 6341 3B07 C2F3 9102
PGP Key Available on: Key Servers || http://gibelli.oltrelinux.com/gibelli.asc
BOFH excuse 208: Traffic jam on the Information Superhighway.
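An added example, not from the thread and not code by either poster: a small POSIX sh audit that parses `lsattr` output to list which log files lack the append-only (`a`) flag, plus an optional live check that sets the flag on a scratch file and confirms truncation is refused while appends still work. The `lsattr` lines and the paths in `SAMPLE_LSATTR` are constructed for the example. The caveat the thread turns on is in the last lines of `demo_append_only`: on a stock kernel, root simply runs `chattr -a` again, because setting and clearing the flag only requires CAP_LINUX_IMMUTABLE, and a LIDS-style setup works by withholding that capability rather than by the flag itself.

```shell
#!/bin/sh
# Audit /var/log (or any lsattr output) for the ext2/3/4 append-only flag.
# Example code added to the thread; sample data below is constructed.

# lsattr prints the flag field first, e.g. "-----a--------e----- /var/log/auth.log".
# Return 0 if that field carries the lowercase 'a' (append-only) flag.
# 'A' (no-atime) is a different flag; case is case-sensitive, so it won't match.
has_append_only() {
    flags=${1%% *}          # flag field = everything before the first space
    case "$flags" in
        *a*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr output on stdin; print the path of every entry lacking +a.
# Usage on a real box: lsattr /var/log/* | missing_append_only
missing_append_only() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! has_append_only "$line"; then
            printf '%s\n' "${line#* }"   # path = everything after the first space
        fi
    done
}

# Constructed lsattr output (hypothetical state of four log files).
SAMPLE_LSATTR='-----a--------e----- /var/log/auth.log
--------------e----- /var/log/syslog
-----a--------e----- /var/log/kern.log
--------------e----- /var/log/wtmp'

# Live check; needs root and an ext filesystem. Run with: sh audit.sh --demo
# Shows what +a buys (truncate refused, append allowed) and what it does not:
# the same root can clear the flag again with chattr -a, because both
# operations only need CAP_LINUX_IMMUTABLE. That is the "too trivial" point.
demo_append_only() {
    f=$(mktemp) || return 1
    chattr +a "$f" 2>/dev/null || { echo "chattr +a failed (not root / no ext fs)"; rm -f "$f"; return 1; }
    if : > "$f" 2>/dev/null; then
        echo "truncate succeeded: no protection"
    else
        echo "truncate refused: append-only in effect"
    fi
    echo "new entry" >> "$f" && echo "append allowed"
    if chattr -a "$f" 2>/dev/null; then
        echo "chattr -a succeeded: root can still clear the flag"
    else
        echo "chattr -a refused: CAP_LINUX_IMMUTABLE is being withheld"
    fi
    rm -f "$f"
}

echo "log files without +a (sample data):"
printf '%s\n' "$SAMPLE_LSATTR" | missing_append_only

case "${1-}" in
    --demo) demo_append_only ;;
esac
```

On a real system the parser is fed by `lsattr /var/log/*`; the `--demo` path is deliberately opt-in, since it needs root and will simply report failure on tmpfs or overlay filesystems that do not support the attribute.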