Hi,

Josh Bitto wrote:
>> How do you deal with scenarios like someone's sensitive data you
>> are definitely not allowed to log and store become part of the
>> history? Are you prepared to remove these data?
> 
> What sensitive data are you referring to? It logs command line
> input.

Right. An application which supports logging will log prepared data
(= chances are high that sensitive data are removed/masked). A command
line gets unfiltered raw input.

For example you can connect to your mysqld via

  # mysql -h foo -u myuser -p

and you will be prompted for myuser's password. But you can also pass
the password to the command:

  # mysql -h foo -u myuser -pmysecretpasswordisnowinthelogs

Now your mysql password for the user "myuser" is in the logs.

Maybe that's not a problem at first glance, but people tend to keep their
logs unprotected, or at least less protected. So when someone gets access to
your logs (you compressed your log files, put the archive in your htdocs
folder to grab it from another machine and you forget to remove it..., now
somebody found the file), you may have more problems than if you had
not logged the command.

Please, don't get me wrong. I don't say you should not log shell
histories. You just asked for opinions and I want to share some issues I
think you should be aware of when you want to do that. That's all :)


-- 
Regards,
Igor
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
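
An added example, not part of the message above and not rsyslog code: a filter that masks the inline MySQL password form shown in the message before a command line is written to a log. The function name, the client list and the mask string are assumptions; it covers only `-p<password>` and `--password=<password>` for MySQL client tools, so other secrets typed on a command line still pass through.

```python
import os
import shlex

# Assumption: these MySQL client tools accept -p<pw> / --password=<pw>.
MYSQL_CLIENTS = {"mysql", "mysqldump", "mysqladmin"}
MASK = "REDACTED"  # hypothetical mask string
WITHHELD = "[unparseable command withheld]"


def redact_command(cmdline):
    """Return (safe_line, was_redacted) for one logged shell command line."""
    try:
        tokens = shlex.split(cmdline)
    except ValueError:
        # Unbalanced quotes: fail closed instead of logging the raw text.
        return WITHHELD, True

    # Find the client even behind a wrapper such as sudo or env.
    start = next((i for i, t in enumerate(tokens)
                  if os.path.basename(t) in MYSQL_CLIENTS), None)
    if start is None:
        return cmdline, False

    out, hit = tokens[:start + 1], False
    for tok in tokens[start + 1:]:
        if tok.startswith("--password=") and len(tok) > len("--password="):
            out.append("--password=" + MASK)
            hit = True
        elif tok.startswith("-p") and len(tok) > 2:
            # Attached form -p<pw>; a bare -p only triggers the prompt,
            # and "-p word" makes word the database name, not the password.
            out.append("-p" + MASK)
            hit = True
        else:
            out.append(tok)
    return (shlex.join(out) if hit else cmdline), hit


if __name__ == "__main__":
    # Constructed sample command lines, as a history logger would see them.
    samples = [
        "mysql -h foo -u myuser -p",
        "mysql -h foo -u myuser -pmysecretpasswordisnowinthelogs",
        "sudo mysqldump --password=hunter2 mydb",
        "mysql -u myuser -p'oops",
    ]
    for line in samples:
        print(redact_command(line))
```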
