[1937] in linux-security and linux-alert archive
[linux-security] Re: syslogd communication
daemon@ATHENA.MIT.EDU (Elliot Lee)
Wed Jun 24 02:32:00 1998
Date: Tue, 23 Jun 1998 19:28:14 -0400 (EDT)
From: Elliot Lee <sopwith@redhat.com>
To: linux-security@redhat.com
In-Reply-To: <358F6BE3.79B19793@alert.sk>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Tue, 23 Jun 1998, Radovan Semancik wrote:
> > Second, why don't you implement a "black box" log system?
> > That is, all logs generated by all hosts on your network are forwarded
> > to a separate log machine called the black box. Such a computer grants
> > no access to anybody whatsoever except for user "root" logging in on
> > the console.
>
> How do you set up a secure "black box"? AFAIK, syslogd communication is not
> authenticated/encrypted, so it is vulnerable to
> spoofing/forging/eavesdropping/etc. Could IPsec be used for protecting
> syslogd communication? What other means of protection are there? Are
> any of these means usable for all UNIX hosts?
Log to a serial line ("*.* /dev/ttyS0" in /etc/syslog.conf), and stick an
old 386 with no networking at all on the other end, with a program that
just puts the serial data into files by date. If you want to be really
paranoid then put the log files on a loopback-encryption partition and
require the password at bootup.
There was a "syslogng" project out there to write a syslog equivalent with
all the features that syslog is missing, one of which included encryption
and authentication. Unfortunately, I've heard nary a peep about it on
BugTraq since the project was first announced there.
-- Elliot
When I die, I want to die peacefully in my sleep like my grandfather...
...not yelling and screaming like the people in the back of the
plane he was flying.
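The collector Elliot describes for the receiving end of the serial line, as an added example that is not from the original post or from any syslog project: it reads the serial device the sending host's "*.* /dev/ttyS0" line writes to, appends each received line to a file named after the day of receipt, and fsyncs after every line so a power loss on the log box loses at most one message. The device path, baud rate, output directory, and the sample log lines in demo() are all assumptions constructed for this example; the clock is injectable so the day-rollover behaviour can be exercised offline.

```python
#!/usr/bin/env python3
"""Serial-line log collector for an air-gapped "black box" log host.

Added example (not code from the original post). The sending host has
"*.* /dev/ttyS0" in /etc/syslog.conf; this side reads its own serial port
and appends every received line to a file named after the receive date.
The device path, baud rate and output directory below are assumptions.
"""
import io
import os
import sys
import tempfile
from datetime import datetime, timezone


def day_file(outdir: str, when: datetime) -> str:
    """Path of the log file for the (UTC) day on which a line was received."""
    return os.path.join(outdir, when.strftime("%Y-%m-%d") + ".log")


def collect(stream, outdir: str, clock=None) -> dict:
    """Read lines from `stream` and append each to the file for its receive day.

    Files are named by the *receive* time on the log box, not by the timestamp
    inside the message, so a sender with a wrong or forged clock cannot steer
    its lines into another day's archive. `clock` returns the current datetime
    and is injectable for offline testing. Returns {path: lines_written}.
    """
    clock = clock or (lambda: datetime.now(timezone.utc))
    os.makedirs(outdir, exist_ok=True)
    counts = {}
    for raw in stream:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        path = day_file(outdir, clock())
        # Open in append mode per line: earlier days' files are never rewritten
        # (append-only archive) and an abrupt power loss loses at most one line.
        with open(path, "a", encoding="utf-8", errors="replace") as fh:
            fh.write(line + "\n")
            fh.flush()
            os.fsync(fh.fileno())
        counts[path] = counts.get(path, 0) + 1
    return counts


# Constructed sample input: three syslog-style lines and one blank line, with
# receive timestamps straddling midnight so the third line lands in a new file.
SAMPLE_LINES = (
    "Jun 23 19:28:14 gw sshd[412]: Accepted password for alice from 10.0.0.5\n"
    "\n"
    "Jun 23 23:59:59 gw kernel: martian source 10.0.0.9 from 192.168.1.1\n"
    "Jun 24 00:00:01 gw su: alice to root on /dev/tty1\n"
)
SAMPLE_STAMPS = (
    datetime(1998, 6, 23, 19, 28, 14, tzinfo=timezone.utc),
    datetime(1998, 6, 23, 23, 59, 59, tzinfo=timezone.utc),
    datetime(1998, 6, 24, 0, 0, 1, tzinfo=timezone.utc),
)


def demo() -> dict:
    """Run collect() over the constructed sample into a temp dir; return counts."""
    stamps = iter(SAMPLE_STAMPS)
    outdir = tempfile.mkdtemp(prefix="blackbox-")
    return collect(io.StringIO(SAMPLE_LINES), outdir, clock=lambda: next(stamps))


if __name__ == "__main__":
    # Assumed defaults. Configure the port before starting, for example:
    #   stty -F /dev/ttyS0 9600 raw -echo
    device = sys.argv[1] if len(sys.argv) > 1 else "/dev/ttyS0"
    outdir = sys.argv[2] if len(sys.argv) > 2 else "/var/log/blackbox"
    with open(device, "r", encoding="utf-8", errors="replace") as port:
        collect(port, outdir)
```

Because the collector never opens a socket and the box has no network interface, the only way to alter the archive is console access, which is the property the "black box" design is after; the per-line fsync trades throughput for not losing the last messages before a crash, which on a 9600 baud line costs nothing.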
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null