Firewall Wizards mailing list archives

Re: WORM file system for logging

From: Vinci Chou <vkmchou () hk super net>
Date: Mon, 10 Aug 1998 18:13:06 +0800 (HKT)

Andreas Siegert wrote:

 This still allows tampering by the sysadmin. The original idea behind
 the WORM drive was to make it even temper proof against the admins.


We are using a small simple program running as a demon to look at those
logs we want to keep and write the logs record by record to an optical
drive on write-once media.  When we need to retrieve the log, another
program read everything from the media and separate them into the original
log files. Any comments on this approach ?

However, I don't think anything could be tamper proof against the admins,
if the admins have physical access to the drive or media or the system
itself (and by definition an admin must have access to the system).


Vinci

Current thread:

Re: WORM file system for logging, (continued)
- - - Re: WORM file system for logging Joseph S. D. Yao (Aug 06)
    - Re: WORM file system for logging Bobo Rajec (Aug 07)
    - Re: WORM file system for logging Doug Hughes (Aug 07)
  - Re: WORM file system for logging David Collier-Brown (Aug 05)
- RE: WORM file system for logging Resino, Robert G. (Aug 03)
  - Re: WORM file system for logging Andreas Siegert (Aug 04)
- Re: WORM file system for logging Paul McNabb (Aug 06)
  - RE: WORM file system for logging Andrew J. Luca (Aug 07)
  - Re: WORM file system for logging Andreas Siegert (Aug 07)
- Re[2]: WORM file system for logging Andrea . Zuccollo (Aug 07)
- Re: WORM file system for logging Vinci Chou (Aug 10)