
Re: chattr +a in /var/log files




Hi from .es where everything else is a joke too :PP
On Thursday 08 May 2003 21:44, Juan Carlos Silla. wrote:
>     Hello *:
>
>     I would like to set the 'a' bit for files in /var/log/ but it makes it
> impossible for logrotate to rotate log files normally. Is it enough to set
> chattr -a in the prerotate script? How useful is setting the 'a' bit for log
> files? Not much, I think; if an intruder gains root access... he could unset
> the append attribute too. No?

I don't think this kind of thing improves security, but if you stop to think 
you can see a lot of problems related to this change, not only in logrotate 
log rotation but in every other system that needs to do so.
If you want secure logging, maybe you will find the remote syslogging 
thread interesting. 

http://lists.debian.org/debian-security/2003/debian-security-200304/msg00271.html

I've seen a lot of problems related to 'chattr and hardening' and I can't see 
the goodness of the idea even on a happy day. 

Regards
Victor


>
> Regards from .es - where ADSL is a joke.

-- 
 "The world is made day by day through the effort of the intelligent, but it 
is the imbeciles who enjoy it."


