Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I am going to look at swatch and some other logging utilities but I really only need something very simple in nature and don't want to bother with the overhead of using some complicated utility.
It will be as secure, or lacking thereof, as normal email. The tail itself is harmless. The only insecure part is the email. Depending on traffic, you might get a large number of emails. You could look at encrypting it using pgp or something from your sendmail server.
There are potential problems, but probably not something you need to worry about:
Quote:
found at http://packetstormsecurity.nl/0006-exploits/
xterm denial of service attack - By sending the VT control characters to resize a window it is possible to cause an xterm to crash and in some cases consume all available memory. This is a problem because remote users can inject these control characters into your xterm in many different ways. This sample exploit injects these control characters into a web get request. If an admin were to cat this log file, or happened to be doing a "tail -f access_log" at the time of attack they would find their xterm crashed. Tested against rxvt v2.6.1 and xterm (XFree86 3.3.3.1b(88b)).
With the firewall in place though, I don't see how they could ever get access to the xterm or resize it? Also, you wouldn't want to tie this to an xterm anyway. You want it in your startup services or at least
nohup tail -f ... &
That starts it as a free process not dependent on an xterm. You could even start it as a respawnable process in case it died, but I don't personally know how to do that.
Goes to show ya though, there is nothing that can be done on a computer that is ever 100% safe.
Quote:
Originally posted by RolledOat: With the firewall in place though, I don't see how they could ever get access to the xterm or resize it? Also, you wouldn't want to tie this to an xterm anyway. You want it in your startup services or at least
nohup tail -f ... &
That starts it as a free process not dependent on an xterm. You could even start it as a respawnable process in case it died, but I don't personally know how to do that.
Goes to show ya though, there is nothing that can be done on a computer that is ever 100% safe.
RO
The point wasn't the xterm, the point was that it's not inconceivable for someone to use, for example, a malformed web request to cause tail -f to perform something beyond its normal duty. For what WeNdeL was proposing, it probably wouldn't be a problem, since he seems interested in kernel messages, not external messages.
Nothing is really ever 100% secure.
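The injection problem described in the two posts above has a simple mitigation that none of the posters spell out: never let raw log bytes reach a terminal. The filter below is an added example (it is not code from the thread or from packetstorm) that sits between `tail -f` and the xterm and turns any escape sequence a remote client managed to get into the log into a visible, inert marker. It assumes POSIX sh with sed and tr; the sample request line at the bottom is constructed and carries the xterm resize sequence the quoted advisory talks about (CSI `8 ; rows ; cols t`).

```shell
#!/bin/sh
# Added example, not from the thread: sanitize a log stream before it reaches
# the terminal that is tailing it. Assumptions: POSIX sh, sed, tr.

sanitize_log() {
    esc=$(printf '\033')
    # C locale so the bracket ranges below are plain byte ranges.
    # 1) collapse a complete CSI sequence (ESC [ params intermediates final)
    #    into one visible marker, so the resize/crash sequence never reaches
    #    the terminal; 2) mark any other lone ESC (OSC, charset switches...);
    # 3) delete the remaining C0 control bytes and DEL, keeping TAB and LF.
    LC_ALL=C sed -e "s|${esc}"'\[[0-9:;<=>?]*[ -/]*[@-~]|<ESC>|g' \
                 -e "s|${esc}|<ESC>|g" \
    | LC_ALL=C tr -d '\000-\010\013-\037\177'
}

# Usage on a live log (path is an assumption):
#   tail -f /var/log/httpd/access_log | sanitize_log
#
# Constructed request line carrying an xterm resize sequence; prints
# "GET /<ESC> HTTP/1.0" instead of resizing or crashing the xterm.
printf 'GET /\033[8;9999;9999t HTTP/1.0\n' | sanitize_log
```

The same filter belongs in front of `cat`, `less -R` or a `tail -f | mail` pipeline: the mail client on the other end is a terminal program too, and the bytes are just as hostile there. CR is deleted on purpose, since a bare carriage return lets an attacker overwrite the start of a line on screen.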
Well... I figured out a different way to do this... basically wrote a script (run via a cron job every minute) that greps my kernel log for all of my log-prefixes and then keeps count of each violation through the use of a tab delimited database file...
I compare the counts from the last run of this script to the present one and then email/page myself if someone is hitting my box in an undesirable way...
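WeNdeL's approach (count each firewall log prefix on every cron run, keep the counts in a tab-delimited file, report what grew) can be written in a few lines of portable sh. The script below is an added example and not WeNdeL's own script; it assumes POSIX sh, grep and awk, and the log path, prefixes and mail command are placeholders. It also handles the one edge case the description skips: when the kernel log is rotated the counts go down, and in that case every line in the new file is new, so the delta is the current count rather than a negative number.

```shell
#!/bin/sh
# Added example (not the poster's script): per-prefix counters over the
# kernel log, compared between cron runs. Assumptions: POSIX sh, grep, awk;
# the log path, prefixes and mail command below are placeholders.

# Count lines matching each fixed-string prefix in $1; emit "prefix<TAB>count".
count_prefixes() {
    log=$1; shift
    for p in "$@"; do
        # grep -c prints 0 and exits 1 when nothing matches, so keep the 0.
        n=$(grep -cF -- "$p" "$log" || true)
        printf '%s\t%s\n' "$p" "$n"
    done
}

# $1 = previous state file, $2 = current one. Emit "prefix<TAB>delta" for
# prefixes that grew. A count that shrank means the log was rotated, so the
# delta is the whole current count.
report_increases() {
    awk -F'\t' '
        FILENAME == ARGV[1] { prev[$1] = $2; next }
        {
            delta = $2 - prev[$1]
            if (delta < 0) delta = $2
            if (delta > 0) printf "%s\t%d\n", $1, delta
        }' "$1" "$2"
}

# One cron run: $1 log file, $2 state file, remaining args are prefixes.
# Prints the report and returns 0 when something grew, returns 1 otherwise,
# so the caller can mail only when there is something to say.
check_log() {
    log=$1; state=$2; shift 2
    [ -f "$state" ] || : > "$state"
    count_prefixes "$log" "$@" > "$state.new"
    report=$(report_increases "$state" "$state.new")
    mv "$state.new" "$state"
    [ -n "$report" ] || return 1
    printf '%s\n' "$report"
}

# Cron usage (paths and address are assumptions):
#   * * * * * /usr/local/bin/logcount.sh
# where logcount.sh ends with:
#   check_log /var/log/kern.log /var/lib/logcount/state.tsv 'IPT_DROP: ' 'IPT_SCAN: ' \
#       | mail -s "firewall hits on $(hostname)" root

# Constructed demo data (not real log lines): two runs against a growing log.
demo() {
    tmp=$(mktemp -d)
    printf 'kernel: IPT_DROP: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=22\n' > "$tmp/kern.log"
    # First run: no previous state, so everything counted is reported.
    check_log "$tmp/kern.log" "$tmp/state.tsv" 'IPT_DROP: ' 'IPT_SCAN: ' || true
    printf 'kernel: IPT_SCAN: IN=eth0 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP DPT=23\n' >> "$tmp/kern.log"
    # Second run: only IPT_SCAN grew, so only that line is reported.
    check_log "$tmp/kern.log" "$tmp/state.tsv" 'IPT_DROP: ' 'IPT_SCAN: ' || true
    rm -rf "$tmp"
}
demo
```

Two things to keep in mind when running it from cron: the prefixes are matched as fixed strings, so give them the exact text of your iptables `--log-prefix` values, and the state file must live somewhere only root can write, otherwise anyone who can edit it can silence the alerts by bumping the stored counts.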