That and/or you could just disallow the use of logger to that of just a special group say staff and modify the mtree(8) files to keep the changes.
These are just medial tasks into hardening a system for its specific needs. security/logcheck should pick up these events pretty quickly and shoot out an email to your admin group to alert them of the miscreant :-)

--
Jason Hellenthal
Voice: 95.30.17.6/616
JJH48-ARIN

> On May 25, 2014, at 23:37, "Ronald F. Guilmette" <[email protected]> wrote:
>
> In message <[email protected]>, I wrote:
>
>> ==========================================================================
>> #!/bin/sh
>>
>> while (1)
>> dd if=/dev/random bs=15 count=1 | od -c | xargs logger
>> end
>> ==========================================================================
>
> DUH!
>
> I forgot that newsyslog(8) should limit the size of /var/log/messages, and
> that as long as you limit the size of that to a reasonable value, and as
> long as you have newsyslog(8) only keeping a finite & reasonable number
> of "rotated out" copies, then /var won't fill up.
>
> My apologies to everyone for the distraction.
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "[email protected]"
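The disk bound the quoted message relies on, worked through as an added example (not part of the thread, and not code from either poster). The entries are constructed samples in the newsyslog.conf(5) column layout with plain-integer sizes in KB; the hourly run interval assumes the stock `/etc/crontab` entry for newsyslog, and the write rate is an arbitrary figure.

```python
# Constructed sample in newsyslog.conf(5) layout:
# logfilename [owner:group] mode count size(KB) when flags [pidfile] [signal]
SAMPLE_CONF = """\
# constructed entries, not taken from any real system
/var/log/messages            644  5  100  *      C
/var/log/auth.log            600  7  100  @0101T C
/var/log/app.log  root:staff 640  3  *    $W6D0  C
"""

def parse_entries(text):
    """Yield (path, count, size_kb) per entry; size_kb is None when size is '*'."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):   # skip blanks, comments, <include>
            continue
        fields = line.split()
        if ":" in fields[1]:                   # optional owner:group column
            del fields[1]
        path, _mode, count, size = fields[:4]
        yield path, int(count), (None if size == "*" else int(size))

def nominal_bound_kb(count, size_kb):
    """Live file plus `count` archives, each about size_kb if rotated on time."""
    return None if size_kb is None else (count + 1) * size_kb

def report(text):
    """Return {path: nominal bound in KB, or None when no size limit is set}."""
    return {p: nominal_bound_kb(c, s) for p, c, s in parse_entries(text)}

def overshoot_kb(bytes_per_sec, interval_sec=3600):
    """Growth a writer can add between two newsyslog runs (assumed hourly)."""
    return bytes_per_sec * interval_sec // 1024

if __name__ == "__main__":
    for path, bound in report(SAMPLE_CONF).items():
        print(path, "no size limit" if bound is None else f"{bound} KB nominal")
    # The size limit is only checked when newsyslog runs, so the live file can
    # exceed it in between; 50 KB/s is an assumed rate for illustration.
    print("possible overshoot at 50 KB/s:", overshoot_kb(50 * 1024), "KB")
```

The nominal figure holds only if nothing outpaces the rotation interval, which is why the group restriction on logger and the logcheck alert suggested above still matter.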
