sysklogd priv separation
heiko at zuerker.org
Sun Jan 23 11:30:48 PST 2005
>On Sun, Jan 23, 2005 at 11:37:49AM -0600, Heiko Zuerker wrote:
>>Of course logrotate must then run as root and take care of the special
>Which is why it probably shouldn't be chattr'd. Also, chattr doesn't
>work with all filesystems.
I don't see a problem running logrotate as root, since it is only
executed 'on demand' by cron.
The syslog daemon on the other side is much more critical and could
always be compromised. Once the syslog daemon is compromised, an
intruder could erase his tracks by modifying the log files.
The only 2 ways to prevent tampering with the logs are
1) making sure the logs cannot be changed (hence chattr)
2) usage of a separate log host (but this is only manageable by companies)
The filesystems supporting the attributes are of course another problem.
I can speak only for me personally, but using ext2/3 for the log
partition would be OK when the benefits are worth it.
I don't know which other filesystems are supporting it.
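
An added example, not part of the original message: a logrotate stanza of the kind this thread describes, where logrotate runs as root from cron and clears and restores the append-only attribute around rotation. The log paths, rotation schedule and pid file location are assumptions.

```conf
# /etc/logrotate.d/syslog-appendonly  (file name is an assumption)
# Log paths below are assumed; list the files your syslogd actually writes.
/var/log/messages /var/log/auth.log {
    weekly
    rotate 8
    # Recreate the live file with restrictive ownership after the rename.
    create 0640 root root
    # Run the hooks once for the whole set, not once per file.
    sharedscripts
    prerotate
        # An append-only file cannot be renamed or truncated, so the
        # attribute has to be cleared before logrotate moves the file.
        chattr -a /var/log/messages /var/log/auth.log
    endscript
    postrotate
        # Re-arm the freshly created files, then make syslogd reopen them.
        chattr +a /var/log/messages /var/log/auth.log
        # pid file location is an assumption for sysklogd.
        kill -HUP "$(cat /var/run/syslogd.pid)"
    endscript
}
```

Between prerotate and postrotate the live files are not append-only. Clearing the attribute requires CAP_LINUX_IMMUTABLE, so it only constrains a syslog daemon that no longer runs with root's capabilities.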