g*s
发帖数: 12 | 1 【 以下文字转载自 Linux 讨论区 】
【 原文由 GTS 所发表 】
Design such a logging facility for an open system
such as Linux.
Assume that the attacker's penetration will be logged,
but the attacker will then have root privilege.
How do we ensure that the attacker cannot
then modify the log without the admin detecting that?
多谢多谢 |
p**e
发帖数: 11 | 2 不知道这样回答对不对?
如果你设置成让root只从console登陆, 其他的登陆只有su权限, 是不是可以?
【在 g*s 的大作中提到】
: 【 以下文字转载自 Linux 讨论区 】
: 【 原文由 GTS 所发表 】
: Design such a logging facility for an open system
: such as Linux.
: Assume that the attacker's penetration will be logged,
: but the attacker will then have root privilege.
: How do we ensure that the attacker cannot
: then modify the log without the admin detecting that?
: 多谢多谢
|
p******f
发帖数: 162 | 3
no, hackers can get root shell without logon or su, they can overflow
server deamons from remote, or SUID progrom with local access.
【在 p**e 的大作中提到】
: 不知道这样回答对不对?
: 如果你设置成让root只从console登陆, 其他的登陆只有su权限, 是不是可以?
|
j***y
发帖数: 87 | 4 use a printer to print out the log in real time by configuring the
output file to the printer.
or use a serial cable to connect to a standalone machine, and dump the log
file to that machine through the serial cable synchronously.
or use a cd-writer which doesn't have the erase function as the log file.
【在 g*s 的大作中提到】
: 【 以下文字转载自 Linux 讨论区 】
: 【 原文由 GTS 所发表 】
: Design such a logging facility for an open system
: such as Linux.
: Assume that the attacker's penetration will be logged,
: but the attacker will then have root privilege.
: How do we ensure that the attacker cannot
: then modify the log without the admin detecting that?
: 多谢多谢
|
g*s
发帖数: 12 | 5 那一天要打印多少次啊
查起来不累死了
定时打印是不安全的 只有一有新数据就打印 而且只打印上回没有的部分
是不是呢?
【在 j***y 的大作中提到】
: use a printer to print out the log in real time by configuring the
: output file to the printer.
: or use a serial cable to connect to a standalone machine, and dump the log
: file to that machine through the serial cable synchronously.
: or use a cd-writer which doesn't have the erase function as the log file.
|
