Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Sep 15, 2004 at 10:54:45AM -0400, Don Levey wrote: DM: > > A potentially better solution is to log remotely to a different > > machine connected to your side of the firewall. Then if the machine > > is compromised, it''s much less likely (if you've taken apropriate > > measures) that the system's logs will be modified at the time of the > > compromise. They'll be on a different machine entirely, which may > > (should) not have easy attack vectors from the firewall box. > > Good points, both. I'd need to have the machine up so that I can figure out > what I need to fix, so hopefully after a reboot I'd have at least a little > time. How would I go about logging remotely? It's not as if I could > NFS-mount another drive, that'd be subject to the same problem. > -Don Example line - used in /etc/syslog.conf: *.emerg????@my.central.logserver.com This sends all emergency messages to the machine with the hostname my.central.logserver.com. Important note about this: Using the remote logging feature opens up a possible problem - if the /var/ directory is part of the root (/) filesystem, it would be easy to flood the logging server and possible bring it to a halt! One way to circumvent this is to have a seperate partition for /var (if you're logging to /var that is), or to use logrotation. logrotation is already set up on many distro's -- Linux/Open Source. Now all your base belongs to you, for free. ============================================================ Idealism: "Realism applied over a longer time period" Jeff Kinz, Emergent Research, Hudson, MA.
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |