Uh, thanks for the advice.
What I really need is how to configure the server for remote logging.
Oh yeah, who else here uses Zope and ZEO? I've been running Zope for nearly
a year now, but it seems to be acting up right now. I don't know if this is
because one of our mirror servers is in the States. It just sucks right now,
but otherwise it really is a good application development tool.
Do you know of any other application development tools like Zope? Vignette is
quite expensive and I think it is Windows-based. How is BroadVision?
Fritz Mesedilla
Systems Administrator
"Ooops! Save your work, everyone. FAST!"
----------------------------------------------------------------------------
Summit Interactive, Inc.
http://www.femalenetwork.com | http://www.candymag.com
http://www.fhm.com.ph | http://www.cosmo.com.ph
FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping
----------------------------------------------------------------------------
email: [EMAIL PROTECTED] icq#: 23476449 yahoo id: fritzcm
http://www.fritzmesedilla.net and http://www.fritz.iscute.com
----------------------------------------------------------------------------
+As long as it's You, Lord
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of fooler
Sent: Wednesday, May 09, 2001 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [plug] syslog
Importance: High
Kid Pogi wrote:
> "fooler" <[EMAIL PROTECTED]> wrote:
>
> >Fritz Mesedilla wrote:
> >
> >> Greetings!
> >>
> >> I hope someone can help me. I wish to know how to configure a SECURE
> >> REMOTE LOGGING host.
> >>
> >> I'm currently using Red Hat Linux 7.0 and Apache 1.3.19. Please advise
> >> on what things are needed and what I have to do.
> >>
> >
> >the most important thing on your syslog server is your log files. It's up
> >to you how you protect your log files even if your syslog server is
> >being compromised.
>
> Nope. If your log server is compromised (rooted), it's game over for you. No
> amount of "log files protection" will help you. The best approach, AFAIK,
> is to _prevent_ your loghost from being compromised. Easier said than done,
> I know.
Are you sure about that, Kid Pogi? I didn't say what specific OS to use...
Did you try OpenBSD's or FreeBSD's *SECURELEVEL* feature? Even *ROOT*
cannot delete or modify the files if you change the file flags to SCHG or
SAPPND only. Let me cut and paste what the man page says about the securelevel:
The kernel runs with four different levels of security. Any super-user
process can raise the security level, but no process can lower it. The
security levels are:

-1  Permanently insecure mode - always run the system in level 0 mode.
    This is the default initial value.

 0  Insecure mode - immutable and append-only flags may be turned off.
    All devices may be read or written subject to their permissions.

 1  Secure mode - the system immutable and system append-only flags may
    not be turned off; disks for mounted filesystems, /dev/mem, and
    /dev/kmem may not be opened for writing.

 2  Highly secure mode - same as secure mode, plus disks may not be
    opened for writing (except by mount(2)) whether mounted or not.
    This level precludes tampering with filesystems by unmounting them,
    but also inhibits running newfs(8) while the system is multi-user.
    In addition, kernel time changes are restricted to less than or
    equal to one second. Attempts to change the time by more than this
    will log the message ``Time adjustment clamped to +1 second''.

 3  Network secure mode - same as highly secure mode, plus IP packet
    filter rules (see ipfw(8) and ipfirewall(4)) cannot be changed and
    dummynet(4) configuration cannot be adjusted.
Take note that even the IP firewall cannot be modified, aside from files, if
your securelevel is 3. Take note also of the words IMMUTABLE and APPEND ONLY.

Linux has a third-party patch that supports what the FreeBSD or OpenBSD
feature has, but every time there is a new kernel you have to wait for them
to release their new patch, unlike FreeBSD or OpenBSD, where it's already
integrated in the kernel.

As I said, it depends on how you protect your log files. There are lots of
ways to protect your log files even if your syslog server is being
compromised and its OS has no features like FreeBSD or OpenBSD have. One of
the best ways to approach it is to implement WORM (write once read many). One
example of WORM on which your logs would be recorded is the CD-R, printer,
etc., but this is too expensive to implement, and you notice that I used
FreeBSD and not Linux to secure my syslog server simply because that's the
cheapest way to do it.

Is it game over?
fooler.
_
Philippine Linux Users Group. Web site and archives at
http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
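Here is an added example, not code from anyone in this thread, showing the check a loghost admin would want alongside fooler's advice: report which log files lack the sappnd/schg flags and whether kern.securelevel is high enough that root cannot clear them. It assumes constructed `ls -lo` output and a sample securelevel value so it runs on any system; the chflags/sysctl commands in the comments are the real FreeBSD/OpenBSD ones.

```shell
#!/bin/sh
# Added example (not from the list thread): audit whether BSD log files carry
# the sappnd/schg flags fooler describes, and whether kern.securelevel is high
# enough to make those flags stick against root. Constructed sample input is
# used so the script runs anywhere; on FreeBSD you would feed it the real
# output of `ls -lo /var/log` and `sysctl -n kern.securelevel`.

# Constructed `ls -lo` output: the fifth column is the file flags, shown as
# 'sappnd', 'schg' (possibly comma-separated with others) or '-' for none.
SAMPLE_LS='-rw-r-----  1 root  wheel  sappnd 48213 May  9 18:01 messages
-rw-------  1 root  wheel  schg   10240 May  9 18:01 auth.log
-rw-r--r--  1 root  wheel  -      2048 May  9 18:01 maillog
-rw-r--r--  1 root  wheel  -      512 May  9 18:01 cron'

# Print the names of log files that are neither append-only nor immutable,
# i.e. the ones root (or an intruder who became root) could still truncate.
unprotected_logs() {
    printf '%s\n' "$1" | awk '$5 !~ /(^|,)(sappnd|schg)(,|$)/ { print $NF }'
}

# System flags are only unremovable at securelevel >= 1; at level 0 root can
# simply run `chflags nosappnd` on the file and then edit it.
flags_enforced() {
    [ "$1" -ge 1 ]
}

# How the protection is applied (FreeBSD/OpenBSD, as root):
#   chflags sappnd /var/log/messages   # syslogd may append, nobody truncates
#   sysctl kern.securelevel=1          # cannot be lowered except by reboot
# Caveat: newsyslog/log rotation can no longer truncate or rename the file
# either, so plan rotation (new files, or a single-user window) in advance.

# Stand-alone report over the constructed sample.
main() {
    echo "Log files without sappnd/schg:"
    unprotected_logs "$SAMPLE_LS"
    if flags_enforced 0; then
        echo "securelevel enforces the flags"
    else
        echo "securelevel 0: root can still clear the flags"
    fi
}
main
```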