Subject: Re: [RFC] environment sanitisation wrapper
From: Jim Dennis (jimdlinuxcare.com)
Date: Thu Jun 08 2000 - 12:56:39 CDT


Apparently Zach Brown <zabzabbo.net> wrote:

 
> On Wed, May 31, 2000 at 07:59:37PM +0100, Chris Evans wrote:
 
>> If you want secure logs best to
>> 1) Log to read-only media e.g. line printer
>> or
>> 2) Log to remote host. Remote host should be a minimal system only running
>> syslog. Or better, a home cooked daemon which reads from a network socket
>> and writes to a file. The latter solution is better because it is easier
>> to audit and verify as secure.
 
> for increased paranoia, use hardwired hw addresses and cut the logger's tx
> pair. log in at console with insane auth to get at the logs..
 
> --
> zach

 Of course you could use a null modem or PLIP cable. There's no way
 to sniff or spoof one of those (without physical access). On the
 null modem cable, you don't even run any networking protocol ---
 the loghost just listens, the logging client just sends to a
 "virtual serial printer".

 (Presumably one could also do a sort of "null modem"
 receiver/driver for your PLIP cable, rather than running PLIP
 PPP/IP protocol over that line.)

 The loghost can be constructed with NO network card in it --
 such that physical access is required for interactive access.
 
  

--
Jim Dennis         Technical Research Analyst            Linuxcare, Inc.
           jdennislinuxcare.com, http://www.linuxcare.com/
             415 740-4521                415 701-7457 fax
                 Linuxcare: Support for the Revolution
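
An added example, not code from this thread: a small receive-only sink of the kind discussed above, where the loghost only listens on a one-way serial line and appends what arrives to a file. The device path, log path and line cap are assumptions, and the serial port's speed and mode are assumed to be configured elsewhere. Every incoming byte is treated as untrusted, so control characters are hex-escaped before they reach the log.

```c
#include <fcntl.h>
#include <unistd.h>

#define LOG_DEV  "/dev/ttyS0"           /* assumed device node */
#define LOG_FILE "/var/log/serial.log"  /* assumed output path */
#define MAX_LINE 512                    /* raw bytes per record before a forced break */

/* Write one untrusted byte to out, hex-escaping anything non-printable. */
static size_t put_safe(unsigned char c, char *out)
{
    static const char hex[] = "0123456789abcdef";
    if (c >= 0x20 && c < 0x7f && c != '\\') { out[0] = (char)c; return 1; }
    out[0] = '\\'; out[1] = 'x'; out[2] = hex[c >> 4]; out[3] = hex[c & 15]; return 4;
}

static int flush_line(int fd, char *line, size_t len)  /* 0 on success */
{
    line[len++] = '\n';
    return write(fd, line, len) == (ssize_t)len ? 0 : -1;
}

/* Copy records from in_fd to out_fd until EOF; in_fd is only ever read. */
long drain(int in_fd, int out_fd)   /* returns records written, -1 on I/O error */
{
    unsigned char buf[256];
    char line[MAX_LINE * 4 + 1];    /* worst case: every byte escaped, plus '\n' */
    size_t len = 0, raw = 0;
    long records = 0;
    ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++) {
            if (buf[i] != '\n') { len += put_safe(buf[i], line + len); raw++; }
            if (buf[i] == '\n' || raw == MAX_LINE) {
                if (flush_line(out_fd, line, len) < 0) return -1;
                records++; len = raw = 0;
            }
        }
    }
    if (n == 0 && len > 0 && flush_line(out_fd, line, len) == 0) records++;
    return n < 0 ? -1 : records;
}

int main(void)
{
    int in = open(LOG_DEV, O_RDONLY | O_NOCTTY);   /* read-only: nothing is sent back */
    int out = open(LOG_FILE, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (in < 0 || out < 0) return 1;
    return drain(in, out) < 0;
}
```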