On Sun, December 13, 2015 3:19 pm, Alice Wonder wrote:
> On 12/13/2015 12:45 PM, Valeri Galtsev wrote:
>> On Sun, December 13, 2015 11:36 am, Alice Wonder wrote:
>>> On 12/13/2015 08:39 AM, Timothy Murphy wrote:
>>>> Alice Wonder wrote:
>>>>> One of the benefits of systemd is the dependency based parallel
>>>>> startup.
>>>>> The same speed can often be achieved with system V init by fine tuning
>>>>> when the services start but systemd does that automatically.
>>>> If it's no faster then why is it a benefit?
>>> Binary logs with checksums is one benefit, much harder for a hacker or
>>> malware to hide its tracks.
>> Without intent to be a pain in a... just respectfully disagreeing.
>> Harder only from the point of view that current tools script kiddies use will not deal with them. Fundamentally better security/forensics wise would be to keep logs on a remote secure server. Like in the very first computer security lesson: you can not trust anything on a compromised machine.
> It's a matter of knowing your machine has been compromised.

Yes and no. If you are lucky this may be the way you learn about the compromise. If you are not, see below.

> Modifying the binary logs to hide that you are there will result in checksum inconsistencies, removing a few lines from text logs will not.

Checksums are created and stored on the same machine. So, checksums can be "doctored" as well as logs can.

> Yes, you can use text log to a remote machine to avoid that, but binary logs let you on the local machine.

But yes, there is nothing ultimate, so even the remote logs I mentioned earlier can be trusted only up to the moment the compromise had happened; further logs sent by the compromised machine can be garbage. Luckily one (bad guy) can not do everything simultaneously, so there will be some clues in remote logs about the compromise. But I agree, anything making the job of the bad guy more difficult helps, as we are just competing with them for time. Only having logs in binary form brings more disadvantages for _me_ than it offers advantages. But it's just me, so who cares ;-)
Valeri
--
Sent from my laptop, may not be able to respond timely
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
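
The two positions in the thread, as an added example that is not part of any poster's message: a chained checksum catches a line removed from the log, but a chain rebuilt on the same machine passes a local check and is only caught by a chain head recorded on another host. This is a toy SHA-256 chain, not journald's on-disk format; the function names and log lines are constructed for illustration.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the toy chain

def link(prev: str, msg: str) -> str:
    """Checksum of one entry, bound to the previous entry's checksum."""
    return hashlib.sha256((prev + "\n" + msg).encode()).hexdigest()

def build(messages):
    """Return [(msg, checksum), ...] with each checksum chained to the last."""
    chain, prev = [], GENESIS
    for msg in messages:
        prev = link(prev, msg)
        chain.append((msg, prev))
    return chain

def verify_local(chain) -> bool:
    """Check the chain using only data stored alongside the log itself."""
    prev = GENESIS
    for msg, digest in chain:
        if link(prev, msg) != digest:
            return False
        prev = digest
    return True

def verify_against_anchor(chain, anchors) -> bool:
    """anchors: {entry_count: head_checksum} recorded earlier on another host."""
    if not verify_local(chain):
        return False
    # A log shorter than an anchored length, or with a different head, fails.
    return all(n <= len(chain) and chain[n - 1][1] == head
               for n, head in anchors.items())

# Constructed sample log lines.
LINES = ["sshd: accepted publickey for admin",
         "sudo: admin : COMMAND=/bin/bash",
         "useradd: new user 'svc2'",
         "cron: job finished"]

original = build(LINES)
anchors = {3: original[2][1]}  # head after 3 entries, already shipped off-host

# Case 1: one line removed, stored checksums left as they were.
edited = original[:2] + original[3:]
# Case 2: same line removed, then every checksum recomputed on the same machine.
rebuilt = build([m for m, _ in edited])

if __name__ == "__main__":
    print("edited, local check:   ", verify_local(edited))
    print("rebuilt, local check:  ", verify_local(rebuilt))
    print("rebuilt, anchor check: ", verify_against_anchor(rebuilt, anchors))
```

The anchor only covers entries written before it was shipped, which matches the point above that remote records can be trusted up to the moment of compromise.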