sysklogd priv seperation

Steve Crosby fost at
Mon Jan 24 15:50:12 PST 2005

Bennett Todd <bet at> wrote in news:20050124161758.GA6668 at

> 2005-01-24T16:03:18 Dhajoglo:
>> Who's to say that shipping the logs off will really help.
> Might not help; if the implementor doesn't take proper care to lock
> up the logserver. But it's a key part of many system designs.

and you can do that in hardware too - you can provide a "clipped" UTP cable 
to the syslog server - that makes it a "one-way" net cable. You can only 
send UDP over that wire, and no guarantees it's received, but no 
possibility of a remote compromise either ;) (although DoS is still 
possible - nothing is perfect ;)

-- -
Steve Crosby

More information about the hlfs-dev mailing list