Peter Cordes writes:
On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote:
Not every filesystem that Linux works with supports the append-only
flag. If append-only is attempted, it must be able to cope with this
absence. (I'm sure I'm not the only one that has /var/log symlinked
On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote:
> Not every filesystem that Linux works with supports the append-only
> flag. If append-only is attempted, it must be able to cope with this
> absence. (I'm sure I'm not the only one that has /var/log symlinked
> to /mnt/floppy ;)
from the secret journal of Micah Anderson ([EMAIL PROTECTED]):
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up
Peter Cordes writes:
> On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote:
>> Not every filesystem that Linux works with supports the append-only
>> flag. If append-only is attempted, it must be able to cope with this
>> absence. (I'm sure I'm not the only one that has /var/log s
On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote:
> Not every filesystem that Linux works with supports the append-only
> flag. If append-only is attempted, it must be able to cope with this
> absence. (I'm sure I'm not the only one that has /var/log symlinked
> to /mnt/floppy ;
Quoting Micah Anderson <[EMAIL PROTECTED]>:
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up tracks. This isn't
from the secret journal of Micah Anderson ([EMAIL PROTECTED]):
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> u
Quoting Micah Anderson <[EMAIL PROTECTED]>:
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +a
> (append only) so logfiles cannot be modified or removed altogether to cover
> up tracks. This isn'
I've decided to try an either make my own syslogger, or contribute/modify one
of the existing. The current sysklogd simply doesn't meet my needs or demands.
Until I complete my "quest", here's my current syslog.conf, which I
personally believe to be better. Some people really like one big log -
On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes:
>> A syslog that strips formfeeds and line feeds attached to a printer is a
>> little better, but I haven't found an efficient way to egrep with my
eyes.
>[...]
>
>Here's a page that discusses how to make a receive-only cable (scroll
>down to
Of all the days, it was on Sat, Apr 14, 2001 at 02:32:20PM -0400 that Jacob
Kuntz quoth:
> from the secret journal of Andy Bastien ([EMAIL PROTECTED]):
> >
> > Another technique is to use a separate logging server which has the
> > transmit leads on it's ethernet connection snipped. It's capable
I've decided to try an either make my own syslogger, or contribute/modify one
of the existing. The current sysklogd simply doesn't meet my needs or demands.
Until I complete my "quest", here's my current syslog.conf, which I
personally believe to be better. Some people really like one big log -
On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes:
>> A syslog that strips formfeeds and line feeds attached to a printer is a
>> little better, but I haven't found an efficient way to egrep with my
eyes.
>[...]
>
>Here's a page that discusses how to make a receive-only cable (scroll
>down to
Of all the days, it was on Sat, Apr 14, 2001 at 02:32:20PM -0400 that Jacob Kuntz
quoth:
> from the secret journal of Andy Bastien ([EMAIL PROTECTED]):
> >
> > Another technique is to use a separate logging server which has the
> > transmit leads on it's ethernet connection snipped. It's capabl
On Sat, Apr 14, 2001 at 02:58:02PM +0200, Luca Gibelli wrote:
> > One additional tweak which falls into line with the security setups, that I
> > think is a good idea is to made the log files in /var/log to be chattr +a
> > (append only) so logfiles cannot be modified or removed altogether to cover
On Sat, Apr 14, 2001 at 02:58:02PM +0200, Luca Gibelli wrote:
> > One additional tweak which falls into line with the security setups, that I
> > think is a good idea is to made the log files in /var/log to be chattr +a
> > (append only) so logfiles cannot be modified or removed altogether to cove
from the secret journal of Andy Bastien ([EMAIL PROTECTED]):
>
> Another technique is to use a separate logging server which has the
> transmit leads on it's ethernet connection snipped. It's capable of
> receiving (via UDP only, since it can't ACK!) log entries, but it's
> virtually impossible t
Of all the days, it was on Fri, Apr 13, 2001 at 05:54:07PM -0500 that Kevin van
Haaren quoth:
>
>
> --On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]>
> hath wrote:
>
> | One additional tweak which falls into line with the security setups, that
> | I think is a good i
from the secret journal of Andy Bastien ([EMAIL PROTECTED]):
>
> Another technique is to use a separate logging server which has the
> transmit leads on it's ethernet connection snipped. It's capable of
> receiving (via UDP only, since it can't ACK!) log entries, but it's
> virtually impossible
Of all the days, it was on Fri, Apr 13, 2001 at 05:54:07PM -0500 that Kevin van Haaren
quoth:
>
>
> --On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]>
> hath wrote:
>
> | One additional tweak which falls into line with the security setups, that
> | I think is a good
Il giorno Fri, Apr 13 in un momento di profonda ispirazione
Micah Anderson scrisse riguardo a " Re: Followup: Syslog ":
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +a
&g
Il giorno Fri, Apr 13 in un momento di profonda ispirazione
Micah Anderson scrisse riguardo a " Re: Followup: Syslog ":
> One additional tweak which falls into line with the security setups, that I
> think is a good idea is to made the log files in /var/log to be chattr +
--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]>
hath wrote:
| One additional tweak which falls into line with the security setups, that
| I think is a good idea is to made the log files in /var/log to be chattr
| +a (append only) so logfiles cannot be modified or
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(Sorry for the crosspost, but I want to get as much coverage as possible)
First of, thank you everyone for responding! It's given me some food for
thought, and I also found a lot of errors in what I thought would be best.
Anyway, I've compiled a roug
--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]>
hath wrote:
| One additional tweak which falls into line with the security setups, that
| I think is a good idea is to made the log files in /var/log to be chattr
| +a (append only) so logfiles cannot be modified or r
One additional tweak which falls into line with the security setups, that I
think is a good idea is to made the log files in /var/log to be chattr +a
(append only) so logfiles cannot be modified or removed altogether to cover
up tracks. This isn't the the biggest security trick because all it does
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
(Sorry for the crosspost, but I want to get as much coverage as possible)
First of, thank you everyone for responding! It's given me some food for
thought, and I also found a lot of errors in what I thought would be best.
Anyway, I've compiled a rou
28 matches
Mail list logo
