Re: Parent Logging Patch for sh(1) - Michael Robinson - org.freebsd.freebsd-security

19 messages in org.freebsd.freebsd-securityRe: Parent Logging Patch for sh(1)

From	Sent On	Attachments
Omachonu Ogali	Jan 16, 2000 10:04 am
Will Andrews	Jan 16, 2000 12:03 pm
Omachonu Ogali	Jan 16, 2000 2:10 pm
Will Andrews	Jan 16, 2000 2:29 pm
Omachonu Ogali	Jan 16, 2000 3:11 pm
Sheldon Hearn	Jan 17, 2000 2:57 am
Adam	Jan 17, 2000 12:47 pm
Omachonu Ogali	Jan 17, 2000 6:03 pm
Keith Stevenson	Jan 17, 2000 8:20 pm
Michael Robinson	Jan 17, 2000 9:24 pm
Sheldon Hearn	Jan 17, 2000 10:09 pm
Omachonu Ogali	Jan 18, 2000 4:02 am
Sheldon Hearn	Jan 18, 2000 4:20 am
Omachonu Ogali	Jan 18, 2000 7:35 am
Cy Schubert - ITSD Open Systems Group	Jan 18, 2000 8:04 am
Omachonu Ogali	Jan 18, 2000 8:15 am
Sheldon Hearn	Jan 18, 2000 12:14 pm
Cy Schubert	Jan 18, 2000 1:42 pm
Robert Watson	Jan 18, 2000 3:59 pm

Subject:	Re: Parent Logging Patch for sh(1)
From:	Michael Robinson (robi...@netrinsics.com)
Date:	Jan 17, 2000 9:24:55 pm
List:	org.freebsd.freebsd-security

Keith Stevenson <k.st...@louisville.edu> writes:

However in the case of a root compromise all local logs are useless since they may have been altered by the attacker. (After all, they can't _all_ be script kidz.)

That would be the case for logs that don't have the sappnd flag set.

You *do* set the sappnd flag on your security-related logfiles, don't you?

To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets