21.8 Summary

Audit and log files are critical to the proper functioning of any secure computer. Without these files, there is no way to tell what has happened in the past and, by extension, no way to prevent mishaps that you have experienced from happening in the future.

Although some Unix programs maintain their own log files, the vast majority of daemons and applications log through the Unix syslog facility. syslog is a flexible system that allows you to split or combine log events, selectively forward log messages to other computers, and even page an operator or run shell scripts when particular messages arrive.

Merely keeping log files is not sufficient: you must examine some or all of your log files on a regular basis. And you must rotate and either purge or archive your logs on a regular basis, or else they will fill up your partition and cause your computer severe problems.
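The rotation step described above, written out as an added example (this script is not from the book). It keeps a fixed number of compressed generations of one log file, purges the oldest on each run, and recreates the live file so the daemon can keep appending; the file name, the generation count and the 0640 mode are assumptions chosen for the example.

```shell
#!/bin/sh
# rotate_log FILE [KEEP]
# Rotate FILE through KEEP numbered, gzip-compressed generations
# (FILE.1.gz is the newest, FILE.KEEP.gz the oldest) and purge anything
# older, so the log partition cannot fill up. KEEP defaults to 7.
# Example code written for this summary, not part of the original text.
rotate_log() {
    log=$1
    keep=${2:-7}

    # Nothing to do if the live log does not exist.
    [ -f "$log" ] || return 1

    # Purge the oldest generation; it has reached the retention limit.
    rm -f "$log.$keep.gz"

    # Shift the remaining generations up one slot, highest number first,
    # so no generation overwrites one that has not yet been moved.
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        [ -f "$log.$prev.gz" ] && mv "$log.$prev.gz" "$log.$i.gz"
        i=$prev
    done

    # Move the live file into slot 1, then recreate an empty live file
    # with a restrictive mode (0640 is an assumed site policy) so the
    # daemon has something to append to and other users cannot read it.
    mv "$log" "$log.1"
    : > "$log"
    chmod 0640 "$log"

    # Compress the archived copy (FILE.1 -> FILE.1.gz).
    gzip -f "$log.1"
    return 0
}

# Stand-alone usage: rotate a constructed sample log, keeping 3 generations.
if [ "${ROTATE_LOG_DEMO:-}" = "1" ]; then
    demo=$(mktemp -d)
    printf 'sample entry\n' > "$demo/messages"
    rotate_log "$demo/messages" 3 && ls -l "$demo"
fi
```

One caveat the script does not handle: a daemon that already has the old file open keeps writing to the renamed inode until it reopens its log. For syslogd that means sending it a SIGHUP after the rotation, or scheduling the rotation from the same job that restarts or signals the daemon; otherwise new messages land in the compressed archive rather than the fresh file.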

Understanding the records that your Unix system makes during its normal operation is often critical both to understanding its normal operation and recovering after a security incident. Good system administrators read their logs.
