sysklogd priv separation

Robert Connolly robert at linuxfromscratch.org
Tue Jan 25 10:29:16 PST 2005


On January 24, 2005 11:03 am, DHAJOGLO at smumn.edu wrote:
> >The problem is when you're going outside of a corporate environment,
> >i.e. home users.
> >Home users won't run a log host at home, because it's too loud, too
> >expensive, is overkill etc.
>
> Who's to say that shipping the logs off will really help?  If an attacker
> can get into your HLFS and see that the logs are going to another server,
> they may be very successful in attacking that server also (all bets are
> indeed off then).  Or worse, they stumble across your syslog server first
> (with poor security because the HLFS system is used for the database
> server).  Point is, log security is still an issue no matter where the logs
> are being written (or, heavens forbid, re-written).

I think it'll be the most tamper-proof if all servers acted as syslog servers
for all other servers, connected in a web. Then it's impossible to get away
with log tampering unless all servers were hacked simultaneously. But from
the perspective of the book we can't assume anyone has more than one server.
Even though most server environments have other computers on the network, we
can't count on them to be able to serve syslogd.

robert
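An added example, not part of the original post, that models the "web of syslog servers" idea above: every host holds a copy of every other host's log, and a host whose own record no longer matches what its peers received stands out. Hostnames, log lines and the tampering scenario are constructed.

```python
"""Added example (not from the post): peer-mesh logging model. Every host
forwards its syslog to every other host, so tampering with one host's local
log is caught by comparing it against the copies its peers received."""
import hashlib
from collections import Counter

# Constructed syslog lines for three hosts; 'web' records a brute force then a login.
WEB_LOG = [
    "Jan 24 11:01:07 web sshd[412]: Accepted publickey for admin from 10.0.0.5",
    "Jan 24 11:02:19 web sshd[430]: Failed password for root from 10.0.0.9",
    "Jan 24 11:02:25 web sshd[430]: Accepted password for root from 10.0.0.9",
]
DB_LOG = ["Jan 24 11:00:02 db postgres[201]: database system is ready"]
MAIL_LOG = ["Jan 24 11:00:30 mail postfix/master[88]: daemon started"]

# copies[holder][origin] = lines that 'holder' has for logs originating on 'origin'.
# 'web' has had its own local log cleaned after the intrusion; the peers still
# hold the lines they received over the network before the cleanup (constructed).
SAMPLE = {
    "web":  {"web": WEB_LOG[:1], "db": DB_LOG, "mail": MAIL_LOG},
    "db":   {"web": WEB_LOG, "db": DB_LOG, "mail": MAIL_LOG},
    "mail": {"web": WEB_LOG, "db": DB_LOG, "mail": MAIL_LOG},
}

def digest(lines):
    """Hash a whole log copy so copies can be compared cheaply."""
    h = hashlib.sha256()
    for line in lines:
        h.update(line.encode() + b"\n")
    return h.hexdigest()

def check_origin(copies, origin):
    """Return the holders whose copy of origin's log disagrees with the
    majority of copies ([] when every holder agrees). Majority vote only
    stays honest while more than half the holders are uncompromised."""
    digests = {h: digest(c[origin]) for h, c in copies.items() if origin in c}
    majority = Counter(digests.values()).most_common(1)[0][0]
    return sorted(h for h, d in digests.items() if d != majority)

def audit(copies):
    """Map each origin host to its dissenting holders, omitting clean hosts."""
    report = {}
    for origin in copies:
        dissenting = check_origin(copies, origin)
        if dissenting:
            report[origin] = dissenting
    return report
```

Running `audit(SAMPLE)` reports `{'web': ['web']}`: the host whose own copy was edited is the odd one out, while the db and mail logs agree everywhere.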


