sysklogd priv separation

Bennett Todd bet at rahul.net
Mon Jan 24 08:17:58 PST 2005


2005-01-24T16:03:18 Dhajoglo:
> Who's to say that shipping the logs off will really help?

Might not help; if the implementor doesn't take proper care to lock
up the logserver. But it's a key part of many system designs.

A hardened syslog server can be made much, much harder to burgle
than a server offering more complex, interesting services; a server
offering remote shell, or elaborate web services, can be exceedingly
hard to keep perfectly locked up. But if log data sufficient to help
diagnose burglaries can be shipped off-system before the attacker
can intercept it, at least you can find out that the burglary
happened and when, and perhaps something about how or from where.

For this purpose, I'm quite fond of minirsyslogd.

-Bennett