--On Friday, April 13, 2001 3:40 PM -0700 Micah Anderson <[EMAIL PROTECTED]>
hath wrote:
| One additional tweak which falls into line with the security setups, that
| I think is a good idea is to made the log files in /var/log to be chattr
| +a (append only) so logfiles cannot be modified or removed altogether to
| cover up tracks. This isn't the the biggest security trick because all it
| does is make it if you don't know about chattr then you can't install a
| trojan. If you've got root then removing the immutability flags is
| trivial, but only if you know how to, or even know they exist. But it has
| kept the lower-level admins at a site I work at from modifying the
| logfiles, which is against policy.
|
if you want a real way to do this (more than just obscuring what you've
done) go get one of those old dot-matrix printers with fanfold paperfeed
and dump your logs to it in addition to the one on drive. Keep it in a
secured room.
kevin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
