[322] in Coldmud discussion meeting

root meeting help first first in chain previous in chain previous next last

Re: logging, fact and fiction

daemon@ATHENA.MIT.EDU (Tue May 24 15:05:55 1994 )

Date: Tue, 24 May 1994 11:54:54 -0700
From: rayn@q.crossaccess.com (Ray Nawara jr.)
To: coldstuff@MIT.EDU
In-Reply-To: <9405241808.AA09597@tungsten.seattle.geoworks.com> (weber@tungsten.seattle.geoworks.com)

Eric says:

> It seems like a good idea to run an external program on the text
> dump to watch for certain types of changes to $sys, such as changes
> to verb code or security related properties.  This wouldn't give you
> any information on precisely when or how a change occurred, but
> would give you an out-of-db method for noticing an attack that
> slipped through the log somehow.

It wouldnt be too difficult to write a perl script that periodically
checked the textdump for such changes, and could in addition make a
backup copy (and do other nifty maintenace things). Of course how much
processor time would be eaten up by it, I'm not sure. You could even
(I think) modify backup so that it called this script first, and only
the site admin could turn it off. (of course, being able to just
change shutdown would make that useless). But if the script didnt
overwrite the backup if certain criteria were met, and could kill the
server if others were met, then it might be useful for a high-security
situation.

Of course, I want to get a running server and DB before I work on
extra security measures :)

	Ray