Another thing to consider would be to "pull" the logs from the machines to the logserver, rather than "pushing" them. What I mean by this is that you want to have your logserver be the most secure box on your network since it contains your logs. Rather than letting all of the client machines log into it, which requires that some level of trust is given to them, you set up ssh keys so that all of the client machines allow the logserver to log into them instead using host-based public-key authentication. (Okay, so maybe the logserver being "the most secure box on your network" is a bit extreme, but you get the point - if someone compromises a machine on your network, you don't want them being able to gain access to your logserver as well to erase what's left of the legitimate logs.)

This would allow you to set up automated log retrieval jobs on your logserver that go and get the logs from the clients, and anyone who would compromise a client machine still has no access to your log server. On your log server, you would then disallow any logins, except maybe an ssh public-key authenticated session from another "trusted" machine. Host-based authentication would be disallowed on the logserver itself.

Just some thoughts...

==================================================================
Mike Messick                                  Dona nobis pacem
email: mikemat_private                        rm -rf /bin/laden
PGP Key Fingerprint: 2048/0x57318496
053B 412B 82FC 3808 E141 CDCD 74AE 01C5 5731 8496

On Mon, 18 Feb 2002, Eric Mauricio wrote:

> --- Radek Spacil <spacilat_private> wrote:
> > Another question is about ssh transfer. How to
> > automate upload (rsync
> > or scp) without necessity of typing in passphrase -
> > is ssh key without
> > passphrase OK? Then this could work from cron
> > easily. Of course I
> > would create special user for this uploads, with
> > limited rights
> > (e.g. chroot /var/log on the server, no shell, etc).
>
> I use ssh/scp login without typing a passphrase for
> copying oracle archive logs.
> If you guard well the user directories that will have
> the RSA key, it's not a problem. No one could login in
> your server without the rsa public key.
>
> [],
> ericmau
>
> =====
> "Accurate measurement is the beginning of all wisdom."
> - Imhotep c.a. 2650 B.C.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private
> ---------------------------------------------------------------------
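The pull model Mike describes, as an added example that is not code from the original thread or from any of its posters: the logserver holds one key, each client accepts that key only for a read-only rsync of /var/log through a forced command, and the logserver's own sshd refuses host-based and password logins. The pull user "logpull", the key path /var/lib/logpull/id_pull, the wrapper path /usr/local/bin/log-pull-only, the archive root /srv/logs, the host list /etc/logpull/hosts and the addresses are all assumed names for the example.

```shell
#!/bin/sh
# Added example (not from the original thread). Pull-model log collection:
# the logserver fetches /var/log from each client; clients never log into the logserver.
# Hypothetical names: pull user "logpull", key /var/lib/logpull/id_pull,
# wrapper /usr/local/bin/log-pull-only, archive root /srv/logs, hosts in /etc/logpull/hosts.

# ---- Client side: forced-command wrapper installed as /usr/local/bin/log-pull-only ----
# Each client's authorized_keys entry for the logserver's key looks like (one line):
#   command="/usr/local/bin/log-pull-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,from="192.0.2.10" ssh-rsa AAAA...
# so even a stolen logserver key yields no shell, no tunnel and no write access on the client.
# sshd passes the requested command in SSH_ORIGINAL_COMMAND; the only shape accepted is
#   rsync --server --sender <bundled-short-options> . /var/log/
# which is what "rsync -a -e ssh client:/var/log/ dest/" asks the remote side to run.
allow_pull_command() {
    req="$1"
    set -f                      # no glob expansion while splitting the request into words
    set -- $req
    set +f
    [ "$#" -eq 6 ] || return 1  # exactly six tokens: extra source paths (e.g. /etc/shadow) are refused
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    case "$4" in
        -*[!A-Za-z.]*) return 1 ;;   # only bundled short options; no --rsh=, --files-from= and friends
        -?*) ;;
        *) return 1 ;;
    esac
    [ "$5" = . ] && [ "$6" = /var/log/ ]
}

# Entry point when sshd runs this script as the forced command. The validated
# tokens are passed to rsync as separate arguments, never through "sh -c".
run_forced_command() {
    if allow_pull_command "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        exec rsync --server --sender "$4" . /var/log/
    fi
    logger -t log-pull-only "refused: ${SSH_ORIGINAL_COMMAND:-<none>}"
    exit 1
}

# ---- Logserver side: the cron job that pulls from every client ----
# One directory per client under /srv/logs; BatchMode avoids any passphrase prompt
# from cron and StrictHostKeyChecking refuses a client whose host key has changed.
pull_client_logs() {
    host="$1"; dest="/srv/logs/$host"
    mkdir -p "$dest"
    rsync -a -e "ssh -i /var/lib/logpull/id_pull -o BatchMode=yes -o StrictHostKeyChecking=yes" \
        "logpull@$host:/var/log/" "$dest/"
}

pull_all() {
    while read -r host; do
        pull_client_logs "$host" || logger -t logpull "pull from $host failed"
    done < /etc/logpull/hosts
}

# The logserver's own sshd_config, in line with the thread: nothing but a
# public-key login from the one trusted admin host.
#   HostbasedAuthentication no
#   PasswordAuthentication no
#   PubkeyAuthentication yes
#   AllowUsers admin@203.0.113.5

# Run the wrapper only when invoked under its installed name (sshd forced command).
case "$0" in
    */log-pull-only) run_forced_command ;;
esac
```

The strictness of allow_pull_command is the point: because the logserver's key is present on every client, the client decides what that key may do, and "rsync, sender mode, rooted at /var/log/, nothing else" is the whole permission. The same wrapper rejects a push (no --sender), long options that could redirect rsync, and any command that is not rsync at all.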
This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 12:49:29 PST