List: linux-security-audit
Subject: Re: [RFC] environment sanitisation wrapper
From: Jim Dennis <jimd () linuxcare ! com>
Date: 2000-06-08 17:56:39
Apparently Zach Brown <zab@zabbo.net> wrote:
> On Wed, May 31, 2000 at 07:59:37PM +0100, Chris Evans wrote:
>> If you want secure logs best to
>> 1) Log to read-only media e.g. line printer
>> or
>> 2) Log to remote host. Remote host should be a minimal system only running
>> syslog. Or better, a home cooked daemon which reads from a network socket
>> and writes to a file. The latter solution is better because it is easier
>> to audit and verify as secure.
> for increased paranoia, use hardwired hw addresses and cut the logger's tx
> pair. log in at console with insane auth to get at the logs..
> --
> zach

Of course you could use a null modem or PLIP cable. There's no way
to sniff or spoof one of those (without physical access). On the
null modem cable, you don't even run any networking protocol ---
the loghost just listens, the logging client just sends to a
"virtual serial printer".

(Presumably one could also do a sort of "null modem"
receiver/driver for your PLIP cable, rather than running PLIP
PPP/IP protocol over that line.)

The loghost can be constructed with NO network card in it --
such that physical access is required for interactive access.

--
Jim Dennis Technical Research Analyst Linuxcare, Inc.
jdennis@linuxcare.com, http://www.linuxcare.com/
415 740-4521 415 701-7457 fax
Linuxcare: Support for the Revolution
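
A listen-only receiver of the kind discussed in this thread, as an added example that is not part of the original messages or anyone's actual loghost code. It assumes newline-delimited records arriving on a serial device opened read-only; the device and log file paths, the 1024-byte record cap and the escaping scheme are all assumptions.

```python
import os
import sys
import time

MAX_LINE = 1024  # assumed cap: longer records are split, never buffered without bound


def sanitize(raw: bytes) -> str:
    """Keep printable ASCII; escape control bytes, high bytes and backslash."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}" for b in raw
    )


def receive(src, dst, clock=time.time, max_line=MAX_LINE):
    """Copy newline-delimited records from src to dst; return records written."""
    buf, count = bytearray(), 0

    def flush():
        nonlocal count
        # The timestamp is taken on the loghost, so the sender cannot choose it.
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(clock()))
        dst.write(f"{stamp} {sanitize(bytes(buf))}\n")
        dst.flush()
        buf.clear()
        count += 1

    while chunk := src.read(256):
        for b in chunk:
            if b == 0x0A:
                flush()
            else:
                buf.append(b)
                if len(buf) >= max_line:
                    flush()
    if buf:
        flush()  # partial record left when the line closes
    return count


if __name__ == "__main__":
    # Usage (assumed): receiver.py <serial-device> <logfile>
    dev, path = sys.argv[1], sys.argv[2]
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    # The device is opened read-only: this process never transmits on the line.
    with open(dev, "rb", buffering=0) as src, os.fdopen(fd, "w") as dst:
        receive(src, dst)
```

Escaping carriage returns and escape sequences keeps a compromised client from forging extra log lines or corrupting the console of whoever reads the file.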