On Wed, Nov 06, 2002 at 05:22:09PM -0000, John Fitzgerald wrote: > To prevent an 'exploited' syslogd amending stored logs then you may be > able to set them to be append only (dependent upon the filesystem > being used) and/or you could have a higher privilege daemon copying > the logs to somewhere outside the chrooted area on a regular basis. > Does anybody know of an application that is optimized for copying > sequentially increasing files? tail(1). Or you could configure your syslogd to write into a pipe and have your "trusted" program read from the pipe in a loop and copy the data to another file. -- Nothing says, "Superpower" like bombing a country that is poor and hungry. -- Ken Brush
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 19:15:05 PST