On Wednesday, November 6, 2002, at 11:20 AM, Ben Boulanger wrote: > On Wed, 6 Nov 2002, John Fitzgerald wrote: >> ...seeing you mention logtail I guess you could use tail -f from a >> process outside the chrooted area (i.e a process that even a >> compromised >> syslogd can't touch) and pipe that through to a secured area on the >> system. > > You certainly could. The only thing that tail doesn't provide is some > way > of recovering if the process dies, gets killed, or otherwise gets > interrupted. I just run it as an entry in /etc/inittab on a hidden tty. That allows me to use the 'respawn' keyword so the init process takes care of keeping tail running for me. --- magicman ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Nov 11 2002 - 10:33:46 PST