Subject:
|
Re: review: Radeon 7000 for BrickDraw3D, low-end Mac
|
Newsgroups:
|
lugnet.off-topic.geek
|
Date:
|
Wed, 17 Apr 2002 11:04:43 GMT
|
Viewed:
|
569 times
|
| |
|
|
In lugnet.off-topic.geek, John D. Forinash writes:
> I personally consider something like LIDS to be a better solution--
> Mandatory Access Control added on top of Unix. You can restrict, file
> by file, access-- so, for example, you can set the log files to have
> only "append only" access; you can't modify 'em except for adding to the
> end. You can set it up so that any file you don't need append access to
> for logging have _no_ writable access-- even by root. (Mandatory Access
> Control is cool that way.) Shutting down processes that arent the kernel
> gets you in a position where you have no logging and therefore no real
> intrusion detection.
Every Linux firewall I've seen is done differently. I have mine all
installed on a write-protected floppy (no HD), I re-compiled syslog to use a
different config file, hidden away as inconspicuously as possible, and it
logs to my main server. At least if it's hacked I *know* I've got some info
about what's happened, and can reset it by just cycling the power.
Of course it has a few other tricks to deter the hackers, too...
ROSCO
|
|
Message is in Reply To:
26 Messages in This Thread:
  
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
