Firewall Wizards: Re: chroot useful?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: chroot useful?

From: Adam Shostack <adam () homeport org>
Date: Fri, 21 Nov 1997 14:52:11 -0500 (EST)

chuck yerkes wrote:

|   Using the PROTOCOLS of a GP/OS IS a good idea.  By this I mean
| that configuring via a file or a secure web server (or whatever)
| and logging via syslog is good.

        Logging via syslog is never good.
        
        Syslog throws away information intentionally (facility.level
is discarded).  Syslog throws information away accidentally, by using
UDP as its transport.  Syslog has limited support for fail over
logging if a log host dies.  Syslog has no sequence/acknowledgement at
the application level for reliably ensuring that the message got to
the loghost and was written to disk.  Syslog has no authentication or
integrity checks, but that was excusable at the time it was written.

        Syslog, by the fact that it exists, discourages people from
writing real logging tools for UNIX.  I won't even start on
monitoring.


Adam



-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume

By Date By Thread

Current thread:

Re: chroot useful?, (continued)
- Re: chroot useful? Paul McNabb (Nov 17)
- Re: chroot useful? Paul McNabb (Nov 17)
  - Re: chroot useful? C. Harald Koch (Nov 20)
- Re: chroot useful? Anton J Aylward (Nov 20)
  - Re: chroot useful? chuck yerkes (Nov 21)
    - Re: chroot useful? Adam Shostack (Nov 21)
- Re: chroot useful? Paul McNabb (Nov 20)
  - Re: chroot useful? Colin Campbell (Nov 21)
    - Small code (was Re: chroot useful?) chuck yerkes (Nov 23)
- Re: chroot useful? Anton J Aylward (Nov 21)