LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

The Journal - a proposed syslog replacement

The Journal - a proposed syslog replacement

Posted Nov 19, 2011 18:59 UTC (Sat) by alankila (subscriber, #47141)
In reply to: The Journal - a proposed syslog replacement by alankila
Parent article: The Journal - a proposed syslog replacement

I wish to add additional detail to the middle paragraph. The idea is that once attacker enters a machine, there may be a log entry in syslog that shows evidence for it happening, some characteristic error message or whatever.

If the attacker wishes to hide this entry, he must almost immediately take over the logging system before it manages to save the top hash to secure location, because afterwards you can't unnoticeably remove those log entries.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds