Hi!
On Sun, Mar 15, 2009 at 11:55:39PM -0400, J.R. Mauro wrote:
logs on unix are writeable by everyone:
[rminn...@panzer ~]$ logger -p kern.err JUNK
[rminn...@panzer ~]$ sudo tail -f /var/log/messages
This didn't work on my linux box. I actually have:
% ls -l /var/log/messages
-rw--- 1 root root 960355 2009-03-15 23:51 /var/log/messages
[OT]
Actually, logger works using /dev/log:
# ls -l /dev/log
srwxrwxrwx 1 root root 0 Мар 13 18:55 /dev/log
After chmod 0700 /dev/log users will not be able to use logger anymore.
I usually have all services output logs to stdout (or fifo) and pipe them to
special logging tools like multilog or svlogd, which in turn run as user 'log'
and all these logs have permissions like:
# ls -ld /var/log/apache2/access{,/current}
drwxr-s--- 2 log root 4096 Mar 15 03:55 /var/log/apache2/access
-rw-r--r-- 1 log root 688994 Mar 16 06:11 /var/log/apache2/access/current
So, 'logs on unix' are very configurable and it's not correct to say they
are 'writeable by everyone'. There even no such thing as 'out of box'
setup in unix because it not designed to work 'out of box' and expect some
manual configuration first, :) also, for example, in linux there too many
distributions with different 'out of box' configurations - apache logs
configuration shown above is my 'out of box' configuration installed
automatically while installing Gentoo on new server using my portage overlay.
[/OT]
Back to original question - I think append only is 'good, but not enough'
for logs: adding fake records may hurt no less than mangling existing records.
Reading logs by unauthorized user also may be dangerous.
To solve these two issues you have to set log permissions similar to my
example above: nobody read and only root and log service able to write.
After that it become much less important is these logs are append-only or not
(if one really want to make logs append-only - use chattr +a).
--
WBR, Alex.
