sysklogd priv separation

Mon Jan 24 08:03:18 PST 2005

>The problem is when you're going outside of a corporate environment,
>i.e. home users.
>Home users won't run a log host at home, because it's too loud, too
>expensive, is an overkill etc.

Who's to say that shipping the logs off will really help?  If an attacker can get into your HLFS and see that the logs are going to another server, they may be very successful in attacking that server also (all bets are indeed off then).  Or worse, they stumble across your syslog server first (with poor security because the HLFS system is used for the database server).  Point is, log security is still an issue no matter where the logs are being written (or, heavens forbid, re-written).

