HPE Community
Operating System - HP-UX
1753598 Members
6673 Online
108796 Solutions
New Discussion юеВ

system log files permission

 
Crystal_1
Frequent Advisor

тАО05-29-2002 05:52 AM

тАО05-29-2002 05:52 AM

system log files permission

Hi,

I am writing a security set up doc...and thinking if I should disenable "other" group to read system log files, such as

/etc/rc.log
/etc/shutdownlog
/var/adm/syslog/syslog.log
/var/adm/btmp
/etc/utmp
/var/adm/wtmp
....

Fromm the security's perspective, hackers can get much useful info from those log files.

Give me your ideas? If this action is made, will it affect the system or user's activities?

Tx, Crystal
0 Kudos
Reply
4 REPLIES 4
Sebastian Galeski_1
Trusted Contributor

тАО05-29-2002 05:57 AM

тАО05-29-2002 05:57 AM

Re: system log files permission

Hi i would not recomend You modify permition to this file because logging system can fail.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО05-29-2002 06:03 AM

тАО05-29-2002 06:03 AM

Re: system log files permission

Hi Crystal:

Logs like /etc/utmp are used by commands like 'who', so be careful there. I suppose you could remove the read privilege from the others without great loss.

If you are really serious about tightening the security of your server, start by looking at this classic document:

http://www.kbeta.com/SecurityTips/Checklists/HPUX_11_Bastion_Guide.htm

Regards!

...JRF...
0 Kudos
Reply
MANOJ SRIVASTAVA
Honored Contributor

тАО05-29-2002 06:04 AM

тАО05-29-2002 06:04 AM

Re: system log files permission

Hi Crystal


You should not modify the default rights and setting of these files , if a hacker can access /etc and /var then there is more damage he can do to the system . It is better to use the standard tools of security , the latest one was posted in the link below .

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc2d291ccb36bd611abdb0090277a778c,00.html


Manoj Srivastava
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

тАО05-29-2002 05:45 PM

тАО05-29-2002 05:45 PM

Re: system log files permission

Hi,

I suggest that you do not modify the default permissions.

Refer also to Center for Information Security (CIS) security benchmark for HP-UX 10.20, 11.00 and 11i. Included is a set of rules to achieve level 1 security benchmark:

http://www.cisecurity.org/bench_HPUX.html

There is also a scoring tool which provides a "quick and easy way to evaluate your HP-UX system and compare their level of security against the CIS minimum due care security Benchmark. Tool reports guide system administrators to harden both new installations and active production systems. The tool is also effective for monitoring systems to assure that security settings continuously conform with the Benchmark."

Hope this helps. Regards.

Steven Sim Kok Leong

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.