Firewall Wizards mailing list archives
Re: WORM file system for logging
From: Andreas Siegert <afx () ibm de>
Date: Fri, 7 Aug 1998 15:46:07 +0200
Quoting Paul McNabb (mcnabb () argus-systems com):
Another alternative is to have the syslogd running on a trusted OS and have it configured so that the daemon can only receive but never transmit. You could even set it up so that the log files are accessible in only 2 ways: (1) from log traffic being passed to the daemon via the network and/or local processes, or (2) in a read/write mode from the console when the machine is in single user mode and networking is disabled.
This still allows tampering by the sysadmin. The original idea behind the WORM drive was to make it even tamper proof against the admins.
--
Andreas Siegert afx () ibm de / afx () barolo munich de ibm com / AFX at IPNET
PGP Key: http://www.muc.de/~afx/pubkey.asc, KeyId AB26FD05