Firewall Wizards mailing list archives

Re: WORM file system for logging


From: Andreas Siegert <afx () ibm de>
Date: Fri, 7 Aug 1998 15:46:07 +0200


Quoting Paul McNabb (mcnabb () argus-systems com):
Another alternative is to have the syslogd running on a trusted
OS and have it configured so that the daemon can only receive
but never transmit.  You could even set it up so that the log
files are accessible in only 2 ways:

(1) from log traffic being passed to the daemon via the network
and/or local processes, or
(2) in a read/write mode from the console when the machine is in
single user mode and networking is disabled.

This still allows tampering by the sysadmin. The original idea behind the WORM
drive was to make it even tamper proof against the admins.

-- 
Andreas Siegert       afx () ibm de / afx () barolo munich de ibm com / AFX at IPNET
PGP Key:http://www.muc.de/~afx/pubkey.asc, KeyId AB26FD05


