[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx

Subject: Re: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Mon, 15 Oct 2001 19:29:07 +0200
Organization: Stauber Multimedia Design
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Chae,

> Mike says log it and Kevin says don't - me being a not so newbie now (and
> after just having set up FCheck on a RAQ3) would like to know which one is
> it :>

My reason for logging it is as follows: /tmp (or /home/tmp, where it symlinks 
to) is a directory where anyone has write access. So for an intruder it's a 
logical choice to put his toys there at first.

I know quite well which two or three processes I have on the machine, that 
fairly often dump data into /tmp, so I will instantly recognize if there is 
something out of the ordinary in there. 

Only every couple of days I noticed activity in /tmp in so far it has always 
been legitimate. But my credo in regards to security is: better to be 
over-aware than to assume that everything is doing just fine while it - in 
reality - isn't.

-- 

With best regards,

Michael Stauber
SOLARSPEED.NET

Follow-Ups:
- Re: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
  - From: Kevin D

References:
- [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
  - From: Render-Vue

Prev by Date: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
Next by Date: Re: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
Previous by thread: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx
Next by thread: Re: [cobalt-security] cobalt-security@xxxxxxxxxxxxxxx

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index