At 09:19 30/04/01 -0400, Paul D. Robertson wrote:
>Then you should consider making them group readable, and adding yourself
>to the group. I don't like to give attackers the benefit of knowing what
>is and isn't logged. For most times, it's a given that a compromise will
>lead to root, but if the attacker isn't skilled and the system is hardened
>well, then them not knowing how much you've logged could be a significant
>advantage. It could be the difference between them abandoning the
>previous hop and leaving enough evidence around to get a prosecution.
I'd say the converse: keep the default syslog perms, but use specific files
that you create with the correct perms for special events (using the syslog
filtering syntax, though it's weak!).
The real truth is that syslog is a too-old mechanism that should be
seriously reviewed.
But things sure will come!
> > It seems there'll always be an issue with syslogd on solaris!
>
>Indeed. With parts of the source available now, I'm surprised that we
>haven't seen someone port the BSD syslogd.
Given that they replaced BSD code with AT&T/MS one, I don't see BSD code
getting back soon. Sun is the company where people start internal wars
about anything, for a long time, and only stop when a competitor comes out!
They thought AT&T would give 'em the world and abandoned the BSD code for
AT&T and MS one... some of their eng' thought that the streams model was a
revolution and that modularity in the stack was fun, until IPSec came in
and they had just their fingers to fsck.
They finally understood why IP, TCP, UDP and friends were all in the same
place, instead of having independent modules/drivers :)
(The funny thing is that people like HP just followed, so they're now in
similar problems, but they just don't have the same features :)
Source code available? Ahem? Like the Java one? Have you read the license,
boy? I'm not gonna give it a minute of my time. I had the op' to see the
Solaris code, and believe me, there's nothing there to be proud of,
compared to what you find in BSD/Linux.
Is there anyone to "grep -i microsoft /solaris/source/code/..." just to
have a laugh...
>Ostensibly you can call someone up and say "Hey, my syslog isn't logging
>when I change the permissions..." ;)
Given that we see people asking OS questions in public mailing lists (such
as this one, but it's not the only one), there is evidence that support is
a pre-sales concept! Once you buy, you can forget about....
[That said, Sun is a relatively nice company, compared to many other ones
that I won't cite. ...]
cheers,
mouss