9fans - fans of the OS Plan 9 from Bell Labs
From: Alex Efros <powerman@powerman.name>
To: 9fans@9fans.net
Subject: Re: [9fans] log oversight
Date: Mon, 16 Mar 2009 06:31:41 +0200	[thread overview]
Message-ID: <20090316043140.GB2753@home.power> (raw)
In-Reply-To: <3aaafc130903152055wf530678jde8d61aac045fb7@mail.gmail.com>

Hi!

On Sun, Mar 15, 2009 at 11:55:39PM -0400, J.R. Mauro wrote:
> > logs on unix are writeable by everyone:
> > [rminnich@Panzer ~]$ logger -p kern.err "JUNK"
> > [rminnich@Panzer ~]$ sudo tail -f /var/log/messages
> This didn't work on my linux box. I actually have:
> % ls -l /var/log/messages
> -rw------- 1 root root 960355 2009-03-15 23:51 /var/log/messages

[OT]
Actually, logger works using /dev/log:

  # ls -l /dev/log
  srwxrwxrwx 1 root root 0 Мар 13 18:55 /dev/log

After chmod 0700 /dev/log, users will not be able to use logger anymore.

I usually have all services output logs to stdout (or fifo) and pipe them to
special logging tools like multilog or svlogd, which in turn run as user 'log'
and all these logs have permissions like:

  # ls -ld /var/log/apache2/access{,/current}
  drwxr-s--- 2 log root   4096 Mar 15 03:55 /var/log/apache2/access
  -rw-r--r-- 1 log root 688994 Mar 16 06:11 /var/log/apache2/access/current

So, 'logs on unix' are very configurable and it's not correct to say they
are 'writeable by everyone'. There is not even such a thing as an 'out of box'
setup in unix, because it is not designed to work 'out of box' and expects some
manual configuration first :) also, for example, in linux there are too many
distributions with different 'out of box' configurations - the apache log
configuration shown above is my 'out of box' configuration, installed
automatically while installing Gentoo on a new server using my portage overlay.
[/OT]


Back to the original question - I think append-only is 'good, but not enough'
for logs: adding fake records may hurt no less than mangling existing records.
Reading logs by an unauthorized user may also be dangerous.
To solve these two issues you have to set log permissions similar to my
example above: nobody can read, and only root and the log service are able to write.
After that it becomes much less important whether these logs are append-only or not
(if one really wants to make logs append-only - use chattr +a).

--
			WBR, Alex.
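As an added example (not part of the original post, and not the author's own tooling), the following POSIX sh script audits a log tree the way the permission scheme above implies: it reports what an unprivileged "other" user can do with each file, taking parent directories into account, so a 0644 file under a 2750 directory is reported as protected rather than world-readable. The directory tree it builds is constructed for the demo and stands in for /var/log; the `audit_logs`, `reachable_by_others` and `make_demo_tree` names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a log tree for what an
# unprivileged ("other") user can do with each file, taking the parent
# directories into account: a 0644 file under a 2750 directory, as in the
# apache2/access layout, is unreachable even though the file mode looks open.
# Assumes POSIX sh with ls, find, dirname, mktemp; paths contain no spaces.

# other_bits PATH: print the 'other' rwx triplet from ls -ld, e.g. "r-x".
other_bits() { ls -ld "$1" | cut -c8-10; }

# reachable_by_others FILE ROOT: succeed if every directory from FILE's parent
# up to ROOT grants search (x) to others, i.e. a non-owner can open FILE.
reachable_by_others() {
    d=$(dirname "$1")
    while :; do
        case $(other_bits "$d") in ??[xt]) ;; *) return 1 ;; esac
        [ "$d" = "$2" ] && return 0
        [ "$d" = / ] && return 1            # ROOT was not an ancestor of FILE
        d=$(dirname "$d")
    done
}

# audit_logs ROOT: print "STATUS PATH" for every regular file under ROOT.
audit_logs() {
    for f in $(find "$1" -type f | sort); do
        if ! reachable_by_others "$f" "$1"; then
            echo "protected-by-directory $f"; continue
        fi
        case $(other_bits "$f") in
            ?w?) echo "world-writable $f" ;;
            r??) echo "world-readable $f" ;;
            *)   echo "private $f" ;;
        esac
    done
}

# make_demo_tree: build a constructed temporary tree mirroring the modes
# discussed in the message (not a real /var/log); print its root.
make_demo_tree() {
    root=$(mktemp -d); chmod 755 "$root"          # stands in for /var/log
    mkdir -p "$root/apache2/access"
    chmod 2750 "$root/apache2/access"             # drwxr-s---: others cannot enter
    : > "$root/apache2/access/current"; chmod 644 "$root/apache2/access/current"
    : > "$root/messages"; chmod 600 "$root/messages"     # -rw-------
    : > "$root/syslog";   chmod 644 "$root/syslog"       # world-readable
    : > "$root/open.log"; chmod 666 "$root/open.log"     # world-writable
    echo "$root"
}

demo=$(make_demo_tree); audit_logs "$demo"; rm -rf "$demo"
```

Point it at a real /var/log (as root) and grep for `world-` lines to find files that contradict the "nobody reads, only root and the log user write" rule.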


