IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software

S 4.106 Activation of system logging

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator

The native Unix logging facility, syslog, records information generated by the operating system and by application processes. It is important that security-relevant events, such as attempted logins and execution of the su command, are logged and remain available for later processing and interpretation.

The required daemon, syslogd, is normally started automatically and is configured via the file /etc/syslog.conf. Permissions must be set so that only system administrators can change this file, and so that the log files in /var/log and /var/adm can be read only by system administrators. All changes made to /etc/syslog.conf must be documented. When an existing IT system is modified, everything should be logged at first; individual areas can then be deactivated in stages as required. The /var partition must be large enough to hold the log files. The example configuration file below is based on a SunOS configuration and specifies detailed logging to various files.

#ident	"@(#)syslog.conf 1.3 93/12/09 SMI"	/* SunOS 5.0 */
#
# All messages are sent to a loghost which has to be defined in the
# /etc/hosts file.
#
# TAB must be used as separator!
#
# Test:	. Start syslogd with the option "-d".
#	. Make syslogd re-read this file with kill -HUP after each change.
#	. The log file must already exist prior to start-up / reboot.
#	. Test messages can be generated for each facility and
#	  priority with /usr/ucb/logger.
#
*.err;kern.warning;auth.err;daemon.err	/dev/console
*.alert;kern.err;daemon.err		operator
*.alert					root
# Displays emerg messages on terminals (uses WALL).
*.emerg					*
#
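Two things in a file like the one above are easy to misread: a priority selects that level and everything more severe, and within one semicolon-separated selector list the last entry that names a facility (or "*") sets the threshold for it, so "*.err;kern.warning" logs kern at warning and above while every other facility starts at err. The following POSIX shell script is an added example, not part of the manual: it evaluates which actions of a BSD-style syslog.conf fire for a given facility and priority, using a constructed copy of the rules above, so a change can be checked before syslogd is HUPed. The closing call assumes a failed su is reported as auth.crit; adjust it if your su logs at a different priority.

```shell
#!/bin/sh
# Added example (not from the manual): which syslog.conf actions receive a
# message of a given facility.priority? The rules are a constructed copy of
# the SunOS example in S 4.106; TAB separates selector and action.

tab=$(printf '\t')
SYSLOG_CONF="# comment and blank lines are ignored
*.err;kern.warning;auth.err;daemon.err${tab}/dev/console
*.alert;kern.err;daemon.err${tab}operator
*.alert${tab}root
*.emerg${tab}*"

# prio_rank NAME: numeric severity, emerg highest; "*" means everything.
# Prints -1 for an unknown name.
prio_rank() {
  case "$1" in
    debug|\*) printf '%s\n' 0;;  info) printf '%s\n' 1;;  notice) printf '%s\n' 2;;
    warning|warn) printf '%s\n' 3;;  err|error) printf '%s\n' 4;;  crit) printf '%s\n' 5;;
    alert) printf '%s\n' 6;;  emerg|panic) printf '%s\n' 7;;
    *) printf '%s\n' -1;;
  esac
}

# selector_matches SELECTORS FACILITY PRIORITY
# "fac.prio;fac.prio;..." fires when the message priority is at least the
# threshold that applies to its facility. As in BSD syslogd, the LAST entry
# naming the facility (or "*") sets that threshold; "none" excludes it.
selector_matches() {
  fac=$2 pri=$3 threshold=""
  set -f                          # the "*" in "*.err" must not glob-expand
  old_ifs=$IFS; IFS=';'
  for item in $1; do
    f=${item%.*} p=${item#*.}
    case "$f" in "$fac"|\*) threshold=$p;; esac
  done
  IFS=$old_ifs; set +f
  [ -n "$threshold" ] && [ "$threshold" != none ] || return 1
  t=$(prio_rank "$threshold"); m=$(prio_rank "$pri")
  [ "$t" -ge 0 ] && [ "$m" -ge "$t" ]
}

# route FACILITY PRIORITY: print, space separated, every action whose rule
# in SYSLOG_CONF fires for that facility and priority (rules are independent,
# so one message can reach several destinations).
route() {
  fac=$1 pri=$2 actions=""
  while IFS= read -r line; do
    case "$line" in ''|\#*) continue;; esac
    sel=${line%%"$tab"*}          # text before the first TAB
    act=${line#*"$tab"}           # text after it
    if selector_matches "$sel" "$fac" "$pri"; then
      actions="${actions:+$actions }$act"
    fi
  done <<EOF
$SYSLOG_CONF
EOF
  printf '%s\n' "$actions"
}

# Where does a failed su go? Assumed to be logged as auth.crit: auth.err and
# above reach the console, but crit is below alert, so operator and root are
# not paged by the second and third rules.
route auth crit
```

The same function answers the question the manual's test procedure leaves to /usr/ucb/logger: run `route kern warning` to confirm the kernel warning reaches /dev/console while `route user warning` prints nothing, and `route kern emerg` to see a message fan out to all four actions.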

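The permission requirements stated before the configuration example (only administrators may change /etc/syslog.conf; the log files in /var/log and /var/adm may be read only by administrators) can be audited with the following script, an added example that is not part of the manual. ROOT is a hypothetical prefix so the check can be pointed at a mounted copy or a chroot (use / for the live system), and OWNER is the account that must own syslog.conf, root by default. It reports a configuration file that is writable by group or others or not owned by the expected account, and every file under the two log directories that is readable by others. The size of the /var partition is not checked.

```shell
#!/bin/sh
# Added example, not part of the manual: audit the permission rules of
# S 4.106 for /etc/syslog.conf and the log files in /var/log and /var/adm.
# ROOT is a hypothetical prefix ("/" for the live system); OWNER is the
# account that must own syslog.conf, root by default.

# syslog_findings ROOT [OWNER]: print one finding per line (possibly none).
syslog_findings() {
  root=${1%/}                    # "/" becomes "", so paths stay absolute
  owner=${2:-root}
  conf="$root/etc/syslog.conf"

  if [ ! -f "$conf" ]; then
    printf '%s\n' "$conf: missing"
    return 0
  fi
  # Only administrators may change the configuration: the file must belong
  # to OWNER and carry neither the group nor the world write bit.
  [ -n "$(find "$conf" -user "$owner" -print)" ] ||
    printf '%s\n' "$conf: not owned by $owner"
  [ -z "$(find "$conf" \( -perm -020 -o -perm -002 \) -print)" ] ||
    printf '%s\n' "$conf: writable by group or others"
  # Log files are for administrators only: flag anything readable by others.
  for dir in "$root/var/log" "$root/var/adm"; do
    [ -d "$dir" ] || continue
    find "$dir" -type f -perm -004 -print | sed 's/$/: readable by others/'
  done
  return 0
}

# audit_syslog_perms ROOT [OWNER]: print the findings; exit 0 only if none.
audit_syslog_perms() {
  findings=$(syslog_findings "$@")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

Run it as `audit_syslog_perms /` on the host itself; a non-zero exit with the listed paths is the input for the change record the manual asks for when the configuration is touched.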

IT-Baseline Protection Manual: October 2000
