sysklogd priv seperation

Steve Crosby fost at hotmail.com
Mon Jan 24 15:50:12 PST 2005


Bennett Todd <bet at rahul.net> wrote in news:20050124161758.GA6668 at rahul.net:

> 2005-01-24T16:03:18 Dhajoglo:
>> Who's to say that shipping the logs off will really help.
> 
> Might not help; if the implementor doesn't take proper care to lock
> up the logserver. But it's a key part of many system designs.
> 

and you can do that in hardware too - you can provide a "clipped" UTP cable 
to the syslog server - that makes it a "one-way" net cable. You can only 
send UDP over that wire, and no guarantees it's received, but no 
possibility of a remote compromise either ;) (although DoS is still 
possible - nothing is perfect ;)

-- -
Steve Crosby



More information about the hlfs-dev mailing list