Re: securelevel 1

2023-10-29 Thread Peter Pentchev
d newsyslog will be able > > to rotate it; an attacker with superuser privileges will also be able to > > replace it with a doctored file. > > Yes. But if sappend is set on the required files, and then securelevel=1 > is set, then nothing can change the flag while the syste

Re: securelevel 1

2023-10-26 Thread void
on the required files, and then securelevel=1 is set, then nothing can change the flag while the system is multiuser. That is, if I'm understanding correctly? So, on such a system, if I understand correctly, newsyslog would need to be turned off. Am I correct in understanding that securelevel could

Re: securelevel 1

2023-10-26 Thread Dag-Erling Smørgrav
void writes: > In order to accomplish what I'd like, I understand that I'd need to set +schg > on the individual logs, then set the securelevel afterwards and reboot. If you set the log file +schg, it can't be written to at all. That's obviously not what you want. If you set it +sappnd, it can

Re: securelevel 1

2023-10-24 Thread void
On Tue, 24 Oct 2023, at 17:45, Cy Schubert wrote: > What a lot of large enterprises do is send logs off machine. A *.* log to > @IP or an agent does the same thing. The remote logging server also has > software to allow one to search the logs for a machine or multiple machines > allowing one

Re: securelevel 1

2023-10-24 Thread Gareth de Vaux
On Tue 2023-10-24 (17:33), void wrote: > In order to accomplish what I'd like, I understand that I'd need to set +schg > on the individual logs, then set the securelevel afterwards and reboot. You don't need to reboot when raising the securelevel, only to lower it.

Re: securelevel 1

2023-10-24 Thread Cy Schubert
In message <35f733cc-a6c2-46a4-b564-b1ef87893...@app.fastmail.com>, void writes : > On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote: > > > root@neon ~/ # find -s -x / -flags +schg,sappnd > > /.sujournal > > /lib/libc.so.7 > > /lib/libcrypt.so.5 > > /lib/libthr.so.3 > > /libexec/ld-elf.so.1

Re: securelevel 1

2023-10-24 Thread Cy Schubert
newsyslog will rotate them as expected. > > In other words - securelevel 1 causes that you cannot remove flags on > files where append-only or immutable flags are set, securelevel cannot > be lowered on running system. But on default installation there are only > few files protecte

Re: securelevel 1

2023-10-24 Thread void
On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote: > root@neon ~/ # find -s -x / -flags +schg,sappnd > /.sujournal > /lib/libc.so.7 > /lib/libcrypt.so.5 > /lib/libthr.so.3 > /libexec/ld-elf.so.1 > /libexec/ld-elf32.so.1 > /sbin/init > /usr/bin/chpass > /usr/bin/crontab > /usr/bin/login >

Re: securelevel 1

2023-10-24 Thread Miroslav Lachman
. In other words - securelevel 1 causes that you cannot remove flags on files where append-only or immutable flags are set, securelevel cannot be lowered on running system. But on default installation there are only few files protected by flags. This list is from 13.2 amd64: root@neon

Re: securelevel 1

2023-10-24 Thread Paweł Biernacki
Oct 2023, at 12:19, void wrote: > > Hi, > > I'd like to set append-only on an arm64 system running stable/14-n265566 > (so securelevel=1) but how would newsyslog(8) handle it? How will it rotate > logs? > > -- >

securelevel 1

2023-10-24 Thread void
Hi, I'd like to set append-only on an arm64 system running stable/14-n265566 (so securelevel=1) but how would newsyslog(8) handle it? How will it rotate logs? --