replacing rsyslogd in minimal with journald [was Re: systemd requires HTTP server and serves QR codes]

Konstantin Ryabitsev icon at fedoraproject.org
Wed Oct 10 19:31:54 UTC 2012


On Tue, Oct 9, 2012 at 5:24 PM, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> I am not generally against adding time-based rotation, but really, this
> is much less of a "necessity" than other things the journal provides,
> which syslog does not: for example per-service rate limits, and
> unfakable meta-data for log messages. I mean, really, how can we ship
> a syslog where every random user can fake messages, say they are from a
> privileged process and offer no way how to detect that?

I think you overestimate how much a sysadmin cares about fake
messages. The thing that's really important to a sysadmin is to make
sure that none of the REAL messages are lost. If someone fakes root
login entries by using something as trivial as "logger", I can easily
establish they are fake by looking at auditd logs. And then I would
*really* make that user regret their actions by using blunt
cryptanalysis tools.

So, it's not accurate to say that we don't currently have ways to detect that.

Regards,
-- 
Konstantin Ryabitsev
LinuxFoundation.org
Montréal, Québec
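
The cross-check described in the message above, sketched as an added example that is not part of the original post: syslog lines claiming a root login via sshd are compared against successful `USER_LOGIN` audit records, which only privileged processes can emit. The log lines are constructed samples, and the year, the UTC zone and the 5-second matching window are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample data; host names, PIDs and addresses are made up.
SYSLOG = """\
Oct 10 19:20:01 host1 sshd[2211]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Oct 10 19:25:40 host1 sshd[3300]: Accepted password for root from 192.0.2.66 port 51000 ssh2
"""
AUDIT = """\
type=USER_LOGIN msg=audit(1349896801.412:881): pid=2211 uid=0 auid=0 ses=12 msg='op=login id=0 exe="/usr/sbin/sshd" hostname=192.0.2.10 addr=192.0.2.10 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1349897000.100:890): pid=4000 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=192.0.2.66 terminal=ssh res=failed'
"""

SYSLOG_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[(\d+)\]: Accepted \S+ for root ")
AUDIT_RE = re.compile(r"^type=USER_LOGIN msg=audit\((\d+)\.\d+:\d+\): pid=(\d+) .*res=success'")

def audited_logins(audit_text):
    """Return (pid, epoch) pairs for successful USER_LOGIN audit records."""
    found = set()
    for line in audit_text.splitlines():
        m = AUDIT_RE.match(line)
        if m:
            found.add((int(m.group(2)), int(m.group(1))))
    return found

def unverified_root_logins(syslog_text, audit_text, year=2012, window=5):
    """Return syslog root-login lines that have no matching audit record."""
    audited = audited_logins(audit_text)
    suspect = []
    for line in syslog_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year or zone; `year` and UTC are assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        epoch = int(ts.replace(tzinfo=timezone.utc).timestamp())
        pid = int(m.group(2))
        # A genuine login has an audit record with the same PID close in time.
        if not any(p == pid and abs(e - epoch) <= window for p, e in audited):
            suspect.append(line)
    return suspect

if __name__ == "__main__":
    for line in unverified_root_logins(SYSLOG, AUDIT):
        print("no audit record:", line)
```
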

