Re: Followup: Syslog

2001-04-18 Thread Ken Seefried
Peter Cordes writes: On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote: Not every filesystem that Linux works with supports the append-only flag. If append-only is attempted, it must be able to cope with this absence. (I'm sure I'm not the only one that has /var/log symlinked

Re: Followup: Syslog

2001-04-18 Thread Peter Cordes
On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote: > Not every filesystem that Linux works with supports the append-only > flag. If append-only is attempted, it must be able to cope with this > absence. (I'm sure I'm not the only one that has /var/log symlinked > to /mnt/floppy ;)

Re: Followup: Syslog

2001-04-18 Thread Jacob Kuntz
from the secret journal of Micah Anderson ([EMAIL PROTECTED]): > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +a > (append only) so logfiles cannot be modified or removed altogether to cover > up

Re: Followup: Syslog

2001-04-18 Thread Ken Seefried
Peter Cordes writes: > On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote: >> Not every filesystem that Linux works with supports the append-only >> flag. If append-only is attempted, it must be able to cope with this >> absence. (I'm sure I'm not the only one that has /var/log s

Re: Followup: Syslog

2001-04-18 Thread Peter Cordes
On Wed, Apr 18, 2001 at 01:57:33PM +0100, Andrew Stribblehill wrote: > Not every filesystem that Linux works with supports the append-only > flag. If append-only is attempted, it must be able to cope with this > absence. (I'm sure I'm not the only one that has /var/log symlinked > to /mnt/floppy ;

Re: Followup: Syslog

2001-04-18 Thread Andrew Stribblehill
Quoting Micah Anderson <[EMAIL PROTECTED]>: > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +a > (append only) so logfiles cannot be modified or removed altogether to cover > up tracks. This isn't

Re: Followup: Syslog

2001-04-18 Thread Jacob Kuntz
from the secret journal of Micah Anderson ([EMAIL PROTECTED]): > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +a > (append only) so logfiles cannot be modified or removed altogether to cover > u

Re: Followup: Syslog

2001-04-18 Thread Andrew Stribblehill
Quoting Micah Anderson <[EMAIL PROTECTED]>: > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +a > (append only) so logfiles cannot be modified or removed altogether to cover > up tracks. This isn'

Re: Followup: Syslog

2001-04-15 Thread Kenneth Vestergaard Schmidt
I've decided to try and either make my own syslogger, or contribute/modify one of the existing. The current sysklogd simply doesn't meet my needs or demands. Until I complete my "quest", here's my current syslog.conf, which I personally believe to be better. Some people really like one big log -

Re: Followup: Syslog

2001-04-15 Thread Wade Richards
On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes: >> A syslog that strips formfeeds and line feeds attached to a printer is a >> little better, but I haven't found an efficient way to egrep with my eyes. >[...] > >Here's a page that discusses how to make a receive-only cable (scroll >down to

Re: Followup: Syslog

2001-04-15 Thread Andy Bastien
Of all the days, it was on Sat, Apr 14, 2001 at 02:32:20PM -0400 that Jacob Kuntz quoth: > from the secret journal of Andy Bastien ([EMAIL PROTECTED]): > > > > Another technique is to use a separate logging server which has the > > transmit leads on its ethernet connection snipped. It's capable

Re: Followup: Syslog

2001-04-15 Thread Kenneth Vestergaard Schmidt
I've decided to try and either make my own syslogger, or contribute/modify one of the existing. The current sysklogd simply doesn't meet my needs or demands. Until I complete my "quest", here's my current syslog.conf, which I personally believe to be better. Some people really like one big log -

Re: Followup: Syslog

2001-04-15 Thread Wade Richards
On Sun, 15 Apr 2001 14:45:04 EDT, Andy Bastien writes: >> A syslog that strips formfeeds and line feeds attached to a printer is a >> little better, but I haven't found an efficient way to egrep with my eyes. >[...] > >Here's a page that discusses how to make a receive-only cable (scroll >down to

Re: Followup: Syslog

2001-04-15 Thread Andy Bastien
Of all the days, it was on Sat, Apr 14, 2001 at 02:32:20PM -0400 that Jacob Kuntz quoth: > from the secret journal of Andy Bastien ([EMAIL PROTECTED]): > > > > Another technique is to use a separate logging server which has the > > transmit leads on its ethernet connection snipped. It's capabl

Re: Followup: Syslog

2001-04-14 Thread Ethan Benson
On Sat, Apr 14, 2001 at 02:58:02PM +0200, Luca Gibelli wrote: > > One additional tweak which falls into line with the security setups, that I > > think is a good idea is to make the log files in /var/log to be chattr +a > > (append only) so logfiles cannot be modified or removed altogether to cover

Re: Followup: Syslog

2001-04-14 Thread Ethan Benson
On Sat, Apr 14, 2001 at 02:58:02PM +0200, Luca Gibelli wrote: > > One additional tweak which falls into line with the security setups, that I > > think is a good idea is to make the log files in /var/log to be chattr +a > > (append only) so logfiles cannot be modified or removed altogether to cove

Re: Followup: Syslog

2001-04-14 Thread Jacob Kuntz
from the secret journal of Andy Bastien ([EMAIL PROTECTED]): > > Another technique is to use a separate logging server which has the > transmit leads on its ethernet connection snipped. It's capable of > receiving (via UDP only, since it can't ACK!) log entries, but it's > virtually impossible t

Re: Followup: Syslog

2001-04-14 Thread Andy Bastien
Of all the days, it was on Fri, Apr 13, 2001 at 05:54:07PM -0500 that Kevin van Haaren quoth: > > > --On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]> > hath wrote: > > | One additional tweak which falls into line with the security setups, that > | I think is a good i

Re: Followup: Syslog

2001-04-14 Thread Jacob Kuntz
from the secret journal of Andy Bastien ([EMAIL PROTECTED]): > > Another technique is to use a separate logging server which has the > transmit leads on its ethernet connection snipped. It's capable of > receiving (via UDP only, since it can't ACK!) log entries, but it's > virtually impossible

Re: Followup: Syslog

2001-04-14 Thread Andy Bastien
Of all the days, it was on Fri, Apr 13, 2001 at 05:54:07PM -0500 that Kevin van Haaren quoth: > > > --On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]> > hath wrote: > > | One additional tweak which falls into line with the security setups, that > | I think is a good

Re: Followup: Syslog

2001-04-14 Thread Luca Gibelli
On Fri, Apr 13, in a moment of profound inspiration, Micah Anderson wrote regarding "Re: Followup: Syslog": > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +a >

Re: Followup: Syslog

2001-04-14 Thread Luca Gibelli
On Fri, Apr 13, in a moment of profound inspiration, Micah Anderson wrote regarding "Re: Followup: Syslog": > One additional tweak which falls into line with the security setups, that I > think is a good idea is to make the log files in /var/log to be chattr +

Re: Followup: Syslog

2001-04-13 Thread Kevin van Haaren
--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]> hath wrote: | One additional tweak which falls into line with the security setups, that | I think is a good idea is to make the log files in /var/log to be chattr | +a (append only) so logfiles cannot be modified or

Re: Followup: Syslog

2001-04-13 Thread Micah Anderson
One additional tweak which falls into line with the security setups, that I think is a good idea is to make the log files in /var/log to be chattr +a (append only) so logfiles cannot be modified or removed altogether to cover up tracks. This isn't the biggest security trick because all it does

Followup: Syslog

2001-04-13 Thread Kenneth Vestergaard Schmidt
(Sorry for the crosspost, but I want to get as much coverage as possible) First off, thank you everyone for responding! It's given me some food for thought, and I also found a lot of errors in what I thought would be best. Anyway, I've compiled a roug

Re: Followup: Syslog

2001-04-13 Thread Kevin van Haaren
--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]> hath wrote: | One additional tweak which falls into line with the security setups, that | I think is a good idea is to make the log files in /var/log to be chattr | +a (append only) so logfiles cannot be modified or r

Re: Followup: Syslog

2001-04-13 Thread Micah Anderson
One additional tweak which falls into line with the security setups, that I think is a good idea is to make the log files in /var/log to be chattr +a (append only) so logfiles cannot be modified or removed altogether to cover up tracks. This isn't the biggest security trick because all it does

Followup: Syslog

2001-04-13 Thread Kenneth Vestergaard Schmidt
(Sorry for the crosspost, but I want to get as much coverage as possible) First off, thank you everyone for responding! It's given me some food for thought, and I also found a lot of errors in what I thought would be best. Anyway, I've compiled a rou