Re: securelevel 1
- Reply: void : "Re: securelevel 1"
- In reply to: void : "Re: securelevel 1"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 24 Oct 2023 17:45:40 UTC
In message <35f733cc-a6c2-46a4-b564-b1ef87893fc5@app.fastmail.com>, void writes : > On Tue, 24 Oct 2023, at 11:31, Miroslav Lachman wrote: > > > root@neon ~/ # find -s -x / -flags +schg,sappnd > > /.sujournal > > /lib/libc.so.7 > > /lib/libcrypt.so.5 > > /lib/libthr.so.3 > > /libexec/ld-elf.so.1 > > /libexec/ld-elf32.so.1 > > /sbin/init > > /usr/bin/chpass > > /usr/bin/crontab > > /usr/bin/login > > /usr/bin/opieinfo > > /usr/bin/opiepasswd > > /usr/bin/passwd > > /usr/bin/su > > /usr/lib/librt.so.1 > > /usr/lib32/libc.so.7 > > /usr/lib32/libcrypt.so.5 > > /usr/lib32/librt.so.1 > > /usr/lib32/libthr.so.3 > > /var/empty > > > > Log files are not protected. > > Thanks for explaining. > > The reason for setting the securelevel to 1 would be so that the log files ca > n't > be modified/deleted. So I'm glad you explained that because I didn't twig > the securelevel only disallows changing flags and the log files weren't prote > cted. > > In order to accomplish what I'd like, I understand that I'd need to set +schg > on the individual logs, then set the securelevel afterwards and reboot. > > But if this is done, it seems there's no way (at least directly) for the log > file to be rotated? > What a lot of large enterprises do is send logs off machine. A *.* log to @IP or an agent does the same thing. The remote logging server also has software to allow one to search the logs for a machine or multiple machines allowing one to correlate messages across the network. For server admins logging into each server individually, correlating logs can be time consuming and a little challenging as one must keep a lot of information in mind when working with multiple machines. But with logs sent to a single server a person can use software designed to correlate logs. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0