sysklogd priv seperation

Heiko Zuerker heiko at
Sun Jan 23 11:30:48 PST 2005

Archaic wrote:

>On Sun, Jan 23, 2005 at 11:37:49AM -0600, Heiko Zuerker wrote:
>>Of course logrotate must then run as root and take care of the special 
>Which is why it probably shouldn't be chattr'd. Also, chattr doesn't
>work with all filesystems.
I don't see a problem running logrotate as root, since it is only 
executed 'on demand' by cron.

The syslog daemon on the other side is much more critical and could 
always be compromised. Once the syslog daemon is compromised, an 
intruder could erase his tracks by modifying the log files.
The 2 only ways to prevent tampering with the logs are
1) making sure the logs can not be change (hence chattr)
2) usage of a separate log host (but this is only managable by companies)

The filesystems supporting the attributes are of course another problem. 
I can speak only for me personally, but using ext2/3 for the log 
partition would be OK when the benefits are worth it.
I don't know which other filesystems are supporting it.


  Heiko Zuerker

More information about the hlfs-dev mailing list