disable (new)syslog rotation and raise securelevel ... possible?

Xin LI delphij at delphij.net
Mon Jul 12 23:41:23 UTC 2010


On 2010/07/12 11:04, Fernan Aguero wrote:
> Hi,
> 
> I'd like to harden my FreeBSD installation, and thus would like to, e.g.
> 
> i) chflags sappnd /var/log/*
> ii) raise the securelevel of the system
> 
> Is this possible? I've read elsewhere that newsyslog would not work in
> such a system ... what are the possible workarounds?
> 
> I wouldn't bother taking the system down once a week or every other
> week, and manually lowering the securelevel, running newsyslog, etc.
> Is there a guide somewhere on how to go about this?

Speaking for your question, disabling newsyslog can be done by removing
the corresponding line in your /etc/crontab.

However, the use of system flags is usually dangerous; I don't really
consider them as very useful mechanisms for hardening your installation.
Logging remotely to a dedicated and secured central logging server
could be a better (as long as you have control of your internal network)
alternative, since the attacker has to take down two systems, rather
than one, in order to erase their footprints.

Cheers,
- -- 
Xin LI <delphij at delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!	       Live free or die
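A check for the two configuration points raised in the reply above (whether newsyslog is still scheduled in the crontab, and whether syslogd forwards to a remote log host), as an added example that is not part of the original thread. The function names, the sample file contents and the host loghost.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits files in the formats used by
# FreeBSD's /etc/crontab and /etc/syslog.conf; on a real host pass those paths.

# newsyslog_scheduled FILE: succeeds if an uncommented line runs newsyslog.
newsyslog_scheduled() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*([[:space:]]|/)newsyslog([[:space:]]|$)' "$1"
}

# remote_loghosts FILE: prints the host of every uncommented "@host" action.
remote_loghosts() {
    awk '!/^[ \t]*#/ && NF >= 2 && $NF ~ /^@/ { print substr($NF, 2) }' "$1"
}

# audit_logging CRONTAB SYSLOG_CONF: reports both settings and returns 0 only
# when logs are forwarded off-host, so local tampering alone cannot hide a trail.
audit_logging() {
    if newsyslog_scheduled "$1"; then
        echo "rotation: newsyslog is scheduled in $1"
    else
        echo "rotation: newsyslog is not scheduled in $1"
    fi
    hosts=$(remote_loghosts "$2")
    if [ -n "$hosts" ]; then
        echo "remote: forwarding to $hosts"
    else
        echo "remote: no forwarding configured in $2"
        return 1
    fi
}

# write_samples DIR: constructed sample files (not taken from a real system).
write_samples() {
    printf '%s\n' '# Rotate log files every hour, if necessary.' \
        '0 * * * * root newsyslog' > "$1/crontab.default"
    printf '%s\n' '# Rotate log files every hour, if necessary.' \
        '#0 * * * * root newsyslog' > "$1/crontab.hardened"
    printf '%s\n' '*.err;kern.warning;auth.notice;mail.crit /dev/console' \
        '#*.* @loghost' > "$1/syslog.default"
    printf '%s\n' 'auth.info;authpriv.info /var/log/auth.log' \
        '*.* @loghost.example.org' > "$1/syslog.hardened"
}

# Demo on the constructed "hardened" pair.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_logging "$demo_dir/crontab.hardened" "$demo_dir/syslog.hardened"
rm -rf "$demo_dir"
```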