g*s Posts: 12 | 1
[The following text is reposted from the Linux board]
[Originally posted by GTS]
My new boss is pushing me at this question so much. :(
I have thought it over and over but cannot get it.
- Today, you mentioned the role of a secure logging facility to
help admins discover penetrations (after the fact).
Design such a logging facility for an open system such as Linux.
Assume that the attacker's penetration will be logged, but the attacker
will then have root privilege. How do we ensure that the attacker cannot
then modify the log without the ad

z*******w Posts: 79 | 2
Check out LIDS, it can limit the root user's privilege. I am
not sure if it can restrict a file to be "append" only.
If it can, then the problem can be solved easily.
1. Install LIDS
2. set the log file to be "append" only
3. start the logger
By the way, you can write the logger as a kernel module and use
LIDS to seal the kernel. If the logger is running as a process,
I think LIDS can hide it so that no user can kill it.
[Quoting g*s's post]
: [The following text is reposted from the Linux board]
: [Originally posted by GTS]
: My new boss is pushing me at this question so much. :(
: I have thought it over and over but cannot get it.
: - Today, you mentioned the role of a secure logging facility to
: help admins discover penetrations (after the fact).
: Design such a logging facility for an open system such as Linux.
: Assume that the attacker's penetration will be logged, but the attacker
: will then have root privilege. How do we ensure that the attacker cannot
: then modify the log without the ad
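A check an admin could run to confirm that a log file has only been appended to since it was last inspected, which is the property the "append only" setting in the reply above is meant to enforce. This is an added example, not part of the original posts: it assumes a checkpoint (length and SHA-256 of the log) was saved somewhere the attacker cannot write, and the function names and sample log lines are constructed for illustration.

```python
import hashlib
import os
import tempfile


def checkpoint(path):
    """Return (length, sha256 hex digest) of the log as it is now."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()


def verify_append_only(path, saved):
    """Compare the log with a saved checkpoint: 'ok', 'truncated' or 'modified'."""
    length, digest = saved
    with open(path, "rb") as f:
        prefix = f.read(length)          # only the bytes that existed at checkpoint time
    if len(prefix) < length:
        return "truncated"               # file is shorter than it was
    if hashlib.sha256(prefix).hexdigest() != digest:
        return "modified"                # an old entry was rewritten in place
    return "ok"                          # old bytes intact; anything new was appended


def demo():
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "ab") as f:      # constructed sample log lines
            f.write(b"Jan  1 00:00:01 host sshd[101]: Failed password for root from 192.0.2.7\n")
            f.write(b"Jan  1 00:00:05 host sshd[101]: Accepted password for root from 192.0.2.7\n")
        saved = checkpoint(path)         # assumption: stored off-host
        results = []
        with open(path, "ab") as f:      # legitimate append
            f.write(b"Jan  1 00:01:00 host cron[202]: job started\n")
        results.append(verify_append_only(path, saved))
        with open(path, "r+b") as f:     # same-length rewrite of an old entry
            data = f.read().replace(b"192.0.2.7", b"192.0.2.9")
            f.seek(0)
            f.write(data)
        results.append(verify_append_only(path, saved))
        open(path, "wb").close()         # log wiped
        results.append(verify_append_only(path, saved))
        return results
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```
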