
Re: [SAGE] Re: Official sudosh announcement



Hi Adam,

I see your attitude is just as bad as Bill's, if not worse.  I'll
assume this isn't the general attitude of SAGE?

You mentioned that using another logging mechanism other than syslog
would be a good idea.  Can you please explain another mechanism that
is more secure than syslog, and most importantly, impervious to
tampering?  I would more than likely consider such an idea in my new
release.

Thanks in advance,

On Fri, 1 Oct 2004 12:32:58 -0400 (EDT), Adam S. Moskowitz
<adamm@menlo.com> wrote:
> On Fri, 1 Oct 2004 09:07:59, Doug Hanks <dhanks@gmail.com> wrote:
> > Thanks for the feedback. I'll just ignore your attitude, because I
> > know it runs rampant in the technical community.
> 
> Attitude or not, Bill has a very real, very valid, very serious point.
> 
> > sudosh provides accountability through syslog.
> 
> "[A]ccountability through syslog" is an oxymoron. syslog messages are not
> secure, are easily diverted/modified/falsified, fake messages can easily
> be sent to the central log host, etc. This certainly wouldn't stand up
> in court, and I seriously doubt that it would meet the SOx requirements.
> 
> > Nothing else out there does.
> 
> And with good reason: Using syslog for accounting is neither reliable
> nor secure.
> 
> The basic idea of sudosh (a root shell with full logging) is good, but
> it requires a better remote logging mechanism than syslog. Claiming that
> sudosh, using syslog, would meet SOx requirements is at best
> disingenuous, at worst negligent.
> 
> AdamM
> 



-- 
- Doug Hanks = dhanks(at)gmail(dot)com