The Journal - a proposed syslog replacement

Posted Nov 20, 2011 4:39 UTC (Sun) by alankila (subscriber, #47141)
In reply to: The Journal - a proposed syslog replacement by endecotp
Parent article: The Journal - a proposed syslog replacement

Such locations can be constructed. Many people here seem to think that a dedicated syslog server is secure, and that it would have no other function and no other visible ports except one which accepts data in syslog protocol. Logging every hash sounds like a solution whose overhead is comparable to just doing remote logging directly. There might be value in having some kind of middle ground.

Not every attack succeeds immediately, and it may take several tries to successfully exploit some race condition in a daemon. Once an attacker breaks in through some local daemon, it still takes some time to download or build the relevant exploit utility, and to launch the secondary attack which finally gives root compromise.


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.