[1936] in linux-security and linux-alert archive


[linux-security] Re: syslogd communication

daemon@ATHENA.MIT.EDU (Dale.Babiy)
Wed Jun 24 02:23:43 1998

From: "Dale.Babiy" <Dale.Babiy@gov.yk.ca>
To: linux-security@redhat.com
Date: Tue, 23 Jun 1998 14:07:58 -0700
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

> >         Second, why don't you implement a "black box" log system?
> > That is, all logs generated by all hosts on your network are forwarded
> > to a separate log machine called black box.  Such a computer grants
> > no access to anybody whatsoever except for user "root" logging in on
> > the console.
> 
> How to set up a secure "black-box"? AFAIK, syslogd communication is not
> authenticated/encrypted, so it is vulnerable to
> spoofing/forging/eavesdropping/etc.
> Could IPsec be used for protecting syslogd communication? What other
> means for protection are there? Are any of these means usable for all
> UNIX hosts?

There's secure-syslog, or you could look at tunneling through ssh, or
attaching a 'slip' connection between the boxen (hard to insert packets
on a serial cable :)), or even just hook up a dot matrix printer to the
back.

Dale

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

