 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Sep 15, 2004 at 10:54:45AM -0400, Don Levey wrote: > wrote: > > On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote: > >> A quick reboot will solve all of that - the same files come up > >> again, just as I burned them. > > > > Which may get you immediately re-owned, if that's all you do. > > > >> Keeping a hard disk around for logs means that, well, I can keep > >> logs of any activity. Very useful; that's why we havethem. > > > > A potentially better solution is to log remotely to a different > > machine connected to your side of the firewall. Then if the machine > > is compromised, it''s much less likely (if you've taken apropriate > > measures) that the system's logs will be modified at the time of the > > compromise. They'll be on a different machine entirely, which may > > (should) not have easy attack vectors from the firewall box. > > Good points, both. I'd need to have the machine up so that I can figure out > what I need to fix, so hopefully after a reboot I'd have at least a little > time. How would I go about logging remotely? It's not as if I could > NFS-mount another drive, that'd be subject to the same problem. syslog supports remote logging. -miah
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
