On Mon, 30 Apr 2001, mouss wrote:
> >Personally, I prefer log files to be 600 and owned by the logging process'
> >PID. No use in giving a non-priv. user access to the logs on a system for
> >no good reason.
>
> hmmm' I know this is the linux way, but it has mostly sucked me on all the
> linux machines I approached. I like being able to tail -f the logs without
> doing a su root. There are things to hide, but there are things that are
> considered part of the service to users. I only hide what should be hidden.
> security isn't incompatible with availability.

Then you should consider making them group readable, and adding yourself
to the group. I don't like to give attackers the benefit of knowing what
is and isn't logged. For most times, it's a given that a compromise will
lead to root, but if the attacker isn't skilled and the system is hardened
well, then them not knowing how much you've logged could be a significant
advantage. It could be the difference between them abandoning the
previous hop and leaving enough evidence around to get a prosecution.

> It seems there'll always be an issue with syslogd on solaris!

Indeed. With parts of the source available now, I'm surprised that we
haven't seen someone port the BSD syslogd.

> > There were some patchadd patches too- if you haven't done
> >them, then doing the recommended security patches and whatever else you'll
> >end up needing could be difficult.
>
> I'm still surprised how keeping at a correct level is far easier with open
> source systems than with commercial ones! and they then talk about support...

Ostensibly you can call someone up and say "Hey, my syslog isn't logging
when I change the permissions..." ;)
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
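
The group-readable arrangement suggested in the reply above, as an added example that is not part of the original message: it lists log files readable by every user, then sets them to mode 640 under a dedicated group. The group name `logread` and the `/var/log` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten log file permissions.
# Usage (assumed names): sh restrict-logs.sh /var/log logread
# The group must already exist, and anyone who needs "tail -f" access
# is added to it instead of the files being world-readable.

# Print every regular file under directory $1 whose "other" read bit is set.
list_world_readable() {
    find "$1" -type f -perm -004 -print
}

# Number of regular files under $1 that any local user can read.
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# Hand every regular file under $1 to group $2 and set mode 640:
# owner read/write, group read-only, no access for anyone else.
restrict_logs() {
    dir=$1
    grp=$2
    find "$dir" -type f -exec chgrp "$grp" {} + || return 1
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# Run only when called with both arguments; sourcing the file or
# running it without arguments just defines the functions.
if [ "$#" -eq 2 ]; then
    echo "World-readable before change:"
    list_world_readable "$1"
    restrict_logs "$1" "$2" || exit 1
    echo "World-readable after change: $(count_world_readable "$1")"
fi
```

Files recreated later by the logging daemon or by log rotation take whatever mode those tools apply, so the listing step is worth rerunning after a rotation.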