On Wed, 6 Nov 2002, John Fitzgerald wrote: > ...seeing you mention logtail I guess you could use tail -f from a > process outside the chrooted area (i.e a process that even a compromised > syslogd can't touch) and pipe that through to a secured area on the > system. You certainly could. The only thing that tail doesn't provide is some way of recovering if the process dies, gets killed, or otherwise gets interrupted. Logtail keeps track of where it left off, which is really the only reason to -not- use tail. Otherwise, if you have a way of protecting against such things, tail -f, a named pipe or even a socket would do the trick. Ben ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Nov 07 2002 - 04:21:53 PST