
BLU Discuss list archive



Bootable CD w/OS for firewall



 wrote:
> On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote:
>> A quick reboot will solve all of that - the same files come up
>> again, just as I burned them.
>
> Which may get you immediately re-owned, if that's all you do.
>
>> Keeping a hard disk around for logs means that, well, I can keep
>> logs of any activity.  Very useful; that's why we have them.
>
> A potentially better solution is to log remotely to a different
> machine connected to your side of the firewall.  Then if the machine
> is compromised, it's much less likely (if you've taken appropriate
> measures) that the system's logs will be modified at the time of the
> compromise.  They'll be on a different machine entirely, which may
> (should) not have easy attack vectors from the firewall box.

Good points, both.  I'd need to have the machine up so that I can figure out
what I need to fix, so hopefully after a reboot I'd have at least a little
time.  How would I go about logging remotely?  It's not as if I could
NFS-mount another drive, that'd be subject to the same problem.
 -Don
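
An added example (not part of the original post or thread): a Python sketch of the push-only arrangement the quoted reply describes, with the firewall sending syslog datagrams over UDP and a separate collector recording each one with its own clock and the packet's source address. The function names, the loopback address, the free port and the sample log line are assumptions constructed for the demo; on a real firewall the syslog daemon would do the sending.

```python
import logging
import logging.handlers
import socket
import threading
import time

def start_collector(allowed, bind=("127.0.0.1", 0)):
    """Log-host side: listen for syslog datagrams, never send anything back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)                      # port 0 = any free port (demo only)
    sock.settimeout(0.1)
    port = sock.getsockname()[1]
    records, stop = [], threading.Event()

    def loop():
        while not stop.is_set():
            try:
                data, (src, _) = sock.recvfrom(8192)
            except socket.timeout:
                continue
            if src not in allowed:       # filters noise only; UDP sources can be spoofed
                continue
            text = data.decode("utf-8", "replace").rstrip("\x00\r\n")
            # Stamp with the collector's clock and the packet's source address,
            # not with whatever the sender claims inside the message.
            records.append((time.time(), src, text))
        sock.close()

    threading.Thread(target=loop, daemon=True).start()
    return port, records, stop

def send_from_firewall(port, message, host="127.0.0.1"):
    """Firewall side: push one message to the log host over UDP syslog."""
    handler = logging.handlers.SysLogHandler(
        address=(host, port), facility=logging.handlers.SysLogHandler.LOG_AUTH)
    log = logging.getLogger("fw-demo")   # hypothetical logger name
    log.addHandler(handler)
    try:
        log.warning(message)
    finally:
        log.removeHandler(handler)
        handler.close()

def demo(allowed):
    port, records, stop = start_collector(allowed)
    send_from_firewall(port, "kernel: DROP IN=eth0 SRC=203.0.113.7 DPT=22")  # constructed line
    deadline = time.time() + 1.0
    while not records and time.time() < deadline:
        time.sleep(0.05)
    stop.set()
    return [(src, text) for _, src, text in records]
```

Because the firewall only pushes and the collector never replies or mounts anything from it, a later compromise of the firewall cannot rewrite entries that have already arrived.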





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org