>I hope someone can help me. I wish to know how to configure a SECURE REMOTE
>LOGGING host.
>
Check out the Linux Administrator's Security Guide
(http://www.securityportal.com/lasg/logging/). It describes some basic security
measures like chattr'ing log files and the use of alternatives to syslog.

I once saw an article which describes another method. It involves a bit of hacking of
syslog on the "clients" such that it uses a different default configuration file (say
/usr/local/bin/yes instead of /etc/syslog.conf). Of course, there should exist a
"dummy" /etc/syslog.conf. This way if any of the clients are compromised, the
attacker could not easily determine the loghost's address.

Obviously, the basic rule of limiting the services to the barest minimum (syslogd and
sshd only?) running on any "sensitive" host should be observed.

HTH,
abramos
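
As an added example (not part of the original message), a small shell audit for the client side of the loghost setup discussed above: it lists the remote destinations a syslog.conf forwards to and checks that a catch-all rule sends everything to the expected loghost. It assumes the classic sysklogd "selector action" syntax with "@host" for forwarding; the function names, host names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a classic sysklogd-style syslog.conf: one "selector  action" rule per
# line; an action that starts with "@" forwards matching messages to a host.

# Print each distinct remote destination named in the config file $1.
remote_targets() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        NF >= 2 && substr($NF, 1, 1) == "@" { print substr($NF, 2) }
    ' "$1" | sort -u
}

# Succeed only if a "*.*" rule in $1 forwards to the expected loghost $2,
# i.e. a copy of every message leaves the client.
forwards_all_to() {
    awk -v want="@$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        NF >= 2 && $1 == "*.*" && $NF == want { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Write a constructed sample config (hypothetical hosts) to the path in $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample for this example
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
*.*                      @loghost.example.net
kern.crit                @10.0.0.5
EOF
}

conf=$(mktemp) || exit 1
make_sample "$conf"
echo "remote destinations:"
remote_targets "$conf"
if forwards_all_to "$conf" loghost.example.net; then
    echo "OK: all messages are forwarded to loghost.example.net"
else
    echo "WARNING: no *.* rule forwards to loghost.example.net"
fi
rm -f "$conf"
```

Run it against the file the daemon actually reads, which on a client set up as described above is not necessarily /etc/syslog.conf.
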
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph