Re: [logs] log review policies

• Previous message: Ralf Hildebrandt: "Re: [logs] log review policies"
• In reply to: peff-loganalat_private: "Re: [logs] log review policies"
• Next in thread: peff-loganalat_private: "Re: [logs] log review policies"
• Next in thread: Nick Vargish: "Re: [logs] log review policies"
• Next in thread: Marcus J. Ranum: "[logs] mailers (was Re: [logs] log review policies)"
• Reply: peff-loganalat_private: "Re: [logs] log review policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 17, 2001 at 09:45:03PM -0400, peff-loganalat_private wrote:

> - attacker breaks into mail server
> - attacker deletes logs from mail server
> - admin has no idea that attack occurred

- admin was not running a data intergrity checker like tripwire or aide.
  Uh.

> Clearly, it's more secure to require a physical use of the log box, at

Definitely

-- 
Ralf Hildebrandt                            Tel.  +49 (0)30-450 570-155
                                            Fax.  +49 (0)30-450 570-916
This signature was added just to have one. ;-)



---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

• Next message: Nick Vargish: "Re: [logs] log review policies"
• Previous message: Ralf Hildebrandt: "Re: [logs] log review policies"
• In reply to: peff-loganalat_private: "Re: [logs] log review policies"
• Next in thread: peff-loganalat_private: "Re: [logs] log review policies"
• Next in thread: Nick Vargish: "Re: [logs] log review policies"
• Next in thread: Marcus J. Ranum: "[logs] mailers (was Re: [logs] log review policies)"
• Reply: peff-loganalat_private: "Re: [logs] log review policies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 07:51:41 PDT