Bootable CD w/OS for firewall

miah jjohnson at sunrise-linux.com
Wed Sep 15 10:57:40 EDT 2004


On Wed, Sep 15, 2004 at 10:54:45AM -0400, Don Levey wrote:
>  wrote:
> > On Wed, Sep 15, 2004 at 10:23:47AM -0400, Don Levey wrote:
> >> A quick reboot will solve all of that - the same files come up
> >> again, just as I burned them.
> >
> > Which may get you immediately re-owned, if that's all you do.
> >
> >> Keeping a hard disk around for logs means that, well, I can keep
> >> logs of any activity.  Very useful; that's why we havethem.
> >
> > A potentially better solution is to log remotely to a different
> > machine connected to your side of the firewall.  Then if the machine
> > is compromised, it''s much less likely (if you've taken apropriate
> > measures) that the system's logs will be modified at the time of the
> > compromise.  They'll be on a different machine entirely, which may
> > (should) not have easy attack vectors from the firewall box.
> 
> Good points, both.  I'd need to have the machine up so that I can figure out
> what I need to fix, so hopefully after a reboot I'd have at least a little
> time.  How would I go about logging remotely?  It's not as if I could
> NFS-mount another drive, that'd be subject to the same problem.

syslog supports remote logging.

-miah



More information about the Discuss mailing list