A way to monitor your files
Blair P. Houghton
bph at buengc.BU.EDU
Sun Sep 10 08:43:02 AEST 1989
In article <29114 at news.Think.COM> barmar at think.COM (Barry Margolin) writes:
>If the system is C2 secure or better he wouldn't be able to hide
>completely[...]
>for instance, he could turn access auditing off and
>on around his access to the file, but the operation of disabling
>auditing would have to be audited (and a C2 system is not permitted to
>allow even the superuser to disable this audit), so all you would know
>is that he did something he wanted to hide during this time.
So, then, "or better" would have to prevent logging from being
disabled, or would have it hardware-implemented, dumping bits
into a very large place.
Any good books on the subject (I ask to prevent inciting yet another
discussion of secure unix systems such as the ones a few weeks ago
that I never expected I'd be interested in and so used the magic k
key on them... :-( )?
>In general, it's very hard to protect oneself against omnipotent
>beings.
Especially if you are one.
--Blair
"And I think I speak for
about half the procrastinators
on the net when I say that... :-)"
More information about the Comp.unix.questions
mailing list