Re: securelevel 1

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Tue, 24 Oct 2023 17:45:40 UTC
In message <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>, void writes:
> On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote:
>
> > root@neon ~/ # find -s -x / -flags +schg,sappnd
> > /.sujournal
> > /lib/libc.so.7
> > /lib/libcrypt.so.5
> > /lib/libthr.so.3
> > /libexec/ld-elf.so.1
> > /libexec/ld-elf32.so.1
> > /sbin/init
> > /usr/bin/chpass
> > /usr/bin/crontab
> > /usr/bin/login
> > /usr/bin/opieinfo
> > /usr/bin/opiepasswd
> > /usr/bin/passwd
> > /usr/bin/su
> > /usr/lib/librt.so.1
> > /usr/lib32/libc.so.7
> > /usr/lib32/libcrypt.so.5
> > /usr/lib32/librt.so.1
> > /usr/lib32/libthr.so.3
> > /var/empty
> >
> > Log files are not protected.
>
> Thanks for explaining.
>
> The reason for setting the securelevel to 1 would be so that the log files
> can't be modified/deleted. So I'm glad you explained that because I didn't twig
> the securelevel only disallows changing flags and the log files weren't
> protected.
>
> In order to accomplish what I'd like, I understand that I'd need to set +schg
> on the individual logs, then set the securelevel afterwards and reboot.
>
> But if this is done, it seems there's no way (at least directly) for the log
> file to be rotated?
>

What a lot of large enterprises do is send logs off machine. A *.* log to 
@IP or an agent does the same thing. The remote logging server also has 
software to allow one to search the logs for a machine or multiple machines 
allowing one to correlate messages across the network.

For server admins logging into each server individually, correlating logs 
can be time-consuming and a little challenging as one must keep a lot of 
information in mind when working with multiple machines. But with logs sent 
to a single server a person can use software designed to correlate logs.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0
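
To check a host for the "*.* to @IP" forwarding described in the reply above, the script below lists the remote-forwarding rules in a syslog.conf-style file and reports whether an unfiltered `*.*` rule sends every message off the machine. It is an added example, not part of the original message: the function names `remote_rules` and `forwards_everything` are hypothetical, and the sample configuration and the 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print one tab-separated line per forwarding rule:
#   selector, destination, program filter, host filter ("*" = no filter).
remote_rules() {
    awk '
        BEGIN { prog = "*"; host = "*" }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        /^!/    { prog = substr($1, 2); if (prog == "") prog = "*"; next }
        /^[+-]/ { host = ($1 == "+*") ? "*" : $1; next }
        $2 ~ /^@/ { printf "%s\t%s\t%s\t%s\n", $1, substr($2, 2), prog, host }
    ' "$1"
}

# Succeed only if some rule forwards *.* with no program or host filter,
# i.e. every message is copied to a remote log server.
forwards_everything() {
    remote_rules "$1" | awk -F '\t' '
        $1 == "*.*" && $3 == "*" && $4 == "*" { found = 1 }
        END { exit !found }'
}

# Constructed sample configuration; 192.0.2.0/24 is a documentation range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not taken from any real host
*.err;kern.warning;auth.notice   /dev/console
auth.info;authpriv.info          /var/log/auth.log
!ppp
*.*                              @192.0.2.20:1514
!*
*.*                              @192.0.2.10
EOF

remote_rules "$sample"
if forwards_everything "$sample"; then
    echo "all messages are forwarded to a remote log server"
else
    echo "no unfiltered *.* forward: local logs are the only copy"
fi
rm -f "$sample"
```

A rule that sits inside a `!program` or `+host` block only forwards the messages matching that block, which is why the `ppp` rule in the sample does not count as shipping everything.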