sysklogd priv separation

Sun Jan 23 12:21:01 PST 2005

On Sun, Jan 23, 2005 at 01:30:48PM -0600, Heiko Zuerker wrote:
> I don't see a problem running logrotate as root, since it is only 
> executed 'on demand' by cron.

All programs that do not *have* to be run as root should not be run as

> The only 2 ways to prevent tampering with the logs are
> 1) making sure the logs cannot be changed (hence chattr)
> 2) usage of a separate log host (but this is only manageable by companies)

3) Protect your box from being rooted. Once rooted, all bets are off. If
the files are immutable, how are you going to write logs to them?

Also, what is hard about running a log server on another box?


