LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   To what extent sending logs to a remote server is secure? (https://www.linuxquestions.org/questions/linux-security-4/to-what-extent-sending-logs-to-a-remote-server-is-secure-4175658929/)

l0f4r0 08-10-2019 11:41 AM
To what extent sending logs to a remote server is secure?
 
To what extent sending logs to a remote server is *secure* please?
I mean security regarding a black-hat, not regarding natural incidents like fire, flood, physical failure...

In other words, what measures prevent the black-hat to access my destination server and temper my remote logs as soon as (s)he gets access to my source server (assuming he has escalated his/her permissions and become root)? Indeed, can (s)he take advantage of the existing log connection (let's say it is done through ssh via pre-installed certificates) between the two servers to access&compromise the remote one?

It it a matter of firewalling/protocols somewhere? Or maybe a kind of system where only data can be sent but not removed or retrieved (like unidirectional glass-recycling bins)?

Many thanks in advance! :)

scasey 08-10-2019 11:43 AM
Quote:
Originally Posted by l0f4r0 (Post 6023735)
assuming he has escalated his/her permissions and become root
Given that assumption, nothing is secure. Just sayin'

l0f4r0 08-10-2019 01:31 PM
Quote:
Originally Posted by scasey (Post 6023736)
Given that assumption, nothing is secure. Just sayin'
Being root on the local server doesn't mean being able to retrieve&temper the remote logs. However, (s)he can send garbage logs...


All times are GMT -5. The time now is 12:52 AM.