listuser wrote: >Now for a wierd idea, How about making an FS exclusievly for logging. An FS which will not support any editing of data once written, ie only appending, which computes a hash of each line and stores them seperatly in another file etc. I am thinking about it now, may be, I might get some time to try to implement atlest some part of it. It'd probably be more effort than it's worth. General purpose computers are cheap enough nowadays that it's easier to throw hardware entities at a problem than to make major kernel changes (and you'd still have to deal with securing the platform) How's this for a goofy idea: build a PC that's a write-only log disk device. It'd plug into the firewire port of another PC and present a queuing file system as a storage device. The queuing file system would allow creates, appends, and renames but no truncates, deletes, or file time updates. The queing directory might be a RAID (why not) if you care and you might (optionally) have an expiration process that controls how long files are kept on the system before they are removed. The system could keep hashes, and could do backups to DVD-RAM, etc. If the thing looks like a big hard disk and only implements the hard disk interfaces, then it'd be pretty much tamper-proof. I don't know enough about USB and firewire - can a PC act as a client device as well as a server? I know you can do networking over firewire so it ought to be possible.. mjr. --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjrat_private _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 12:16:23 PST