LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-10-2019, 11:41 AM   #1
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: Debian
Posts: 852

Rep: Reputation: 286Reputation: 286Reputation: 286
Question To what extent sending logs to a remote server is secure?


To what extent sending logs to a remote server is *secure* please?
I mean security regarding a black-hat, not regarding natural incidents like fire, flood, physical failure...

In other words, what measures prevent the black-hat to access my destination server and temper my remote logs as soon as (s)he gets access to my source server (assuming he has escalated his/her permissions and become root)? Indeed, can (s)he take advantage of the existing log connection (let's say it is done through ssh via pre-installed certificates) between the two servers to access&compromise the remote one?

It it a matter of firewalling/protocols somewhere? Or maybe a kind of system where only data can be sent but not removed or retrieved (like unidirectional glass-recycling bins)?

Many thanks in advance!

Last edited by l0f4r0; 08-10-2019 at 11:45 AM.
 
Old 08-10-2019, 11:43 AM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.6
Posts: 3,649

Rep: Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213Reputation: 1213
Quote:
Originally Posted by l0f4r0 View Post
assuming he has escalated his/her permissions and become root
Given that assumption, nothing is secure. Just sayin'
 
Old 08-10-2019, 01:31 PM   #3
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: Debian
Posts: 852

Original Poster
Rep: Reputation: 286Reputation: 286Reputation: 286
Quote:
Originally Posted by scasey View Post
Given that assumption, nothing is secure. Just sayin'
Being root on the local server doesn't mean being able to retrieve&temper the remote logs. However, (s)he can send garbage logs...
 
  


Reply

Tags
log, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Back up logs file and create a script showing the backed up logs and the running logs Billy_6052 Programming 5 12-13-2014 02:32 AM
Enable Audit logs to send logs to syslog-ng (remote server) Iyyappan Linux - Server 5 01-07-2014 04:15 PM
[SOLVED] auditd never logs arguments when sending to remote server julienr78 Linux - Security 2 11-30-2011 02:02 PM
Sending 3rd party logs to remote syslog server OlRoy Linux - Server 3 12-24-2008 06:06 PM
LVM: How to create logical (physical) volume with extent sie 32 Mb consistgd Linux - Software 4 11-14-2006 05:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration