> > Second, why don't you implement a "black box" log system?
> > That is, all logs generated by all hosts on your network are forwarded
> > to a separate log machine called the black box. Such a computer grants
> > no access to anybody whatsoever except for user "root" logging in on
> > the console.
>
> How to set up a secure "black box"? AFAIK, syslogd communication is not
> authenticated/encrypted, so it is vulnerable to
> spoofing/forging/eavesdropping/etc.
> Could IPsec be used for protecting syslogd communication? What other
> means of protection are there? Are any of these means usable for all UNIX
> hosts?
There's secure-syslog, or you could look at tunneling through ssh, or
attaching a 'slip' connection between the boxen (hard to insert packets
on a serial cable :)), or even just hook up a dot matrix printer to the
back.
Dale