Tim: >> Well, if you are being security minded, logs on the same machine >> can't be trusted. Because someone who can break in, can do >> something to change the logging. ;-)
Jake Shipton: > This is true, which is why most of my logs are mailed locally to a > separate user account which is solely used for mailing, and then > checked by my mail client, which will then move them via IMAP to my > Gmail inbox :-). > > Whilst logs could be intercepted prior to being mailed to that > separate user account and fetched by my mail client, I would receive a > nearly instant mail on an actual break in attempt (Lets say for sake > of argument, an SSH Brute Force) Well, it's more likely a case of stopping something being logged in the first place, rather than altering logs in transit. If you were in that sort of hacked situation. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
