Keith Stevenson <k.st...@louisville.edu> writes:
in the case of a root compromise all local logs are useless since they may
have been altered by the attacker. (After all, they can't _all_ be script

That would be the case for logs that don't have the sappnd flag set.
You *do* set the sappnd flag on your security-related logfiles, don't you?