When root meets immutable: OpenBSD chflags vs. log tampering

by Thom Holwerda from OSnews on (#6YR9W)

ISO 27001 is like that careful lawyer who never says exactly what they mean - it tells you what needs to be achieved, not how to do it. When it comes to logging, this is particularly telling: Control A.12.4.2 simply states that "logging information and logging facilities shall be protected against tampering and unauthorized access." Period. How? That's your problem to solve.

Rafael Sadowski

It turns out OpenBSD has a few relatively simple tools to make logs immutable, in a way that not even root can delete or modify them, or change any of the logging schedules. Reading through the blog post, you don't even need a ton of intricate knowledge to set this up, thanks mostly to just how much innate sense OpenBSD tends to make, and how excellent the documentation is.

I have no need for this level of security, but if you do, you can set this up in a few minutes.
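As an added example (not code from the OSnews post or the linked blog post), this audit helper reads OpenBSD `ls -lo` output and names every log file missing a given file flag. It assumes logs are meant to carry `sappnd` (system append-only); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit file flags as printed by OpenBSD `ls -lo`, where the
# flags column follows the group column ("-" means no flags are set).
# Assumption: log files should carry sappnd (system append-only).

# check_flags WANT: read `ls -lo` lines on stdin and print the name of every
# regular file whose flags field lacks WANT. File names with spaces are not
# handled; only the last field is printed.
check_flags() {
    awk -v want="$1" '
        $1 ~ /^-/ {                      # regular files only; skips "total N"
            n = split($5, flags, ",")    # flags are comma-separated
            ok = 0
            for (i = 1; i <= n; i++) if (flags[i] == want) ok = 1
            if (!ok) print $NF
        }'
}

# securelevel_ok LEVEL: root can clear sappnd/schg again while
# kern.securelevel is below 1, so the flags only bind root at level 1 or 2.
securelevel_ok() {
    [ "$1" -ge 1 ]
}

# Constructed sample of `ls -lo /var/log` output (not from a real host).
sample_listing() {
cat <<'EOF'
total 96
-rw-r-----  1 root  wheel  sappnd         48213 Mar  3 09:14 authlog
-rw-r--r--  1 root  wheel  sappnd,nodump   9120 Mar  3 09:10 daemon
-rw-r-----  1 root  wheel  -               1377 Mar  3 08:02 secure
-rw-r--r--  1 root  wheel  uappnd         20488 Mar  3 09:15 messages
EOF
}

# On a real OpenBSD host the same checks would be:
#   ls -lo /var/log | check_flags sappnd
#   securelevel_ok "$(sysctl -n kern.securelevel)"
echo "log files without sappnd:"
sample_listing | check_flags sappnd
```

`messages` is reported even though it is append-only, because `uappnd` is the owner-settable variant that can be cleared at any securelevel.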
