Solaris CX-310-301 User Manual, Page 28

Solaris 9 Security CX-310-301 27
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
Note the following about the output above:
• Multiple facilities and priorities can be assigned to a single entry.
• The action column on the right-hand side can write to a file or a device, or send email to specified users.
• Conditions can also be applied to entries, for example, only if LOGHOST is defined (a loghost entry is present in the /etc/inet/hosts file).
• The last six lines define actions to take if LOGHOST is not defined, so that messages are still written locally if this situation is encountered.
• By default, the auth.notice entry is commented out. It is a good idea to log all authorization messages to the file /var/log/authlog, because it makes it easier to spot important login failure messages.
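To see how the selector, action and ifdef rules noted above combine, the following added example (not part of the original guide) resolves which actions fire for a given facility.priority message, with and without LOGHOST defined. The function names, the simplified stand-in for the m4 pass and the override model in matches() are assumptions of this example; the sample is constructed from the entries shown above with the auth.notice line un-commented.

```python
import re

# Severities, most severe first; a selector level covers itself and anything above.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: the entries shown above with auth.notice un-commented.
SAMPLE = """\
*.err;kern.notice;auth.notice\t/dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages
*.alert;kern.err;daemon.err\toperator
*.alert\troot
*.emerg\t*
auth.notice\tifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug\tifdef(`LOGHOST', /var/log/syslog, @loghost)
ifdef(`LOGHOST', ,
user.err\t/dev/sysmsg
user.err\t/var/adm/messages
user.alert\t`root, operator'
user.emerg\t*
)
"""

IFDEF = re.compile(r"ifdef\(`LOGHOST',([^,]*),(.*?)\)", re.S)

def expand(conf, loghost):
    """Mimic the m4 pass: first ifdef branch if LOGHOST is defined, else second."""
    text = IFDEF.sub(lambda m: m.group(1 if loghost else 2).strip(), conf)
    return text.replace("`", "").replace("'", "")

def matches(selector, facility, level):
    """Later pairs override earlier ones for a facility (simplified model)."""
    threshold = None
    for pair in selector.split(";"):
        facs, lvl = pair.rsplit(".", 1)
        if facs == "*" or facility in facs.split(","):
            threshold = None if lvl == "none" else LEVELS.index(lvl)
    return threshold is not None and LEVELS.index(level) <= threshold

def actions_for(conf, facility, level, loghost):
    """Action column of every entry that fires for a facility.level message."""
    fired = []
    for line in expand(conf, loghost).splitlines():
        parts = re.split(r"\t+", line.strip(), maxsplit=1)
        if len(parts) == 2 and not line.lstrip().startswith("#"):
            if matches(parts[0], facility, level):
                fired.append(parts[1].strip())
    return fired
```

With the auth.notice line left commented out, as in the default file, an auth.notice message reaches only /dev/sysmsg, which is why the note above recommends enabling the /var/log/authlog entry.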
Configuring syslog to Log Centrally
A professional attacker will try to cover his/her tracks by modifying the system logs so that there is no
evidence that an attack even took place. This is done quite easily if the attacker has gained privileged