From: Anupam (frj780jdy85533001sneakemail.com)
Date: Sat Mar 02 2002 - 10:16:19 CST
I know I am being paranoid :-). Being new to security, I guess I am
allowed this liberty.
Question to the list:
Is there any way of 'safely' storing audit files on a remote-server?
I know this question is not very well formed. Let me explain with an
example. If one uses a syslog server, the data on the syslog server becomes an
append-only file-system. This basically ensures that the only way the data
on this server can be erased is if the syslog server is compromised.
- Pull audit files at regular intervals of time onto a more secure server,
and store the files by time-stamps. This way some sort of snap-shot is
- Is there a similar way to set up an effectively append-only file system on
a remote server?
- I hear (might be wrong) that BSD supports append-only file systems, is
there something equivalent for Solaris (maybe via NFS)?
- Is there a way of doing this via NFS?
- Is there something better than the kludgy solution - automated
time-stamped file-pulls at regular intervals of time?
Even RTFM type posts are appreciated. I will summarize this post.
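
The time-stamped pull described in the post, as an added example that is not part of the original message: each pull is stored read-only under a timestamped name and compared with the previous snapshot, so a log that was truncated or edited between pulls is flagged. The function names, the file-naming scheme and the prefix check are assumptions of this sketch, and the sample log lines are constructed.

```python
import os
import shutil
import tempfile
import time

def is_prefix(old_path, new_path, chunk=65536):
    """True if old_path's bytes are a prefix of new_path (the log only grew)."""
    if os.path.getsize(new_path) < os.path.getsize(old_path):
        return False  # the log shrank: truncated or replaced
    with open(old_path, "rb") as old, open(new_path, "rb") as new:
        while True:
            a = old.read(chunk)
            if not a:
                return True
            if a != new.read(len(a)):
                return False  # earlier bytes differ: history was edited

def pull_snapshot(src, archive_dir, now=None):
    """Copy src into archive_dir under a UTC-timestamped name.
    Returns (snapshot_path, status); status is 'first', 'append-only'
    or 'history-rewritten' relative to the previous snapshot."""
    os.makedirs(archive_dir, exist_ok=True)
    base = os.path.basename(src)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime(now))
    # Timestamps in this format sort chronologically as plain strings.
    earlier = sorted(f for f in os.listdir(archive_dir) if f.startswith(base + "."))
    dest = os.path.join(archive_dir, base + "." + stamp)
    if os.path.exists(dest):
        raise FileExistsError(dest)  # never overwrite an existing snapshot
    shutil.copyfile(src, dest)
    os.chmod(dest, 0o400)  # snapshots are read-only on the archive host
    if not earlier:
        return dest, "first"
    prev = os.path.join(archive_dir, earlier[-1])
    return dest, "append-only" if is_prefix(prev, dest) else "history-rewritten"

if __name__ == "__main__":
    work = tempfile.mkdtemp()
    log, archive = os.path.join(work, "audit.log"), os.path.join(work, "archive")
    with open(log, "w") as f:  # constructed sample audit lines
        f.write("10:00 login alice\n10:05 su root\n")
    print(pull_snapshot(log, archive, now=0))
    with open(log, "w") as f:  # simulate an entry removed between pulls
        f.write("10:00 login alice\n")
    print(pull_snapshot(log, archive, now=60))
```

Legitimate log rotation also shows up as `history-rewritten`, so a real deployment has to pull before rotation or treat rotated files as new series.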