I l @ ve RuBoard |
The remote log server should be a completely hardened system with only syslog, port 514, open . It should not depend on any external services except a secured time source. The syslog server, syslogd, should be configured to accept remote logging requests , the "-r" switch on Linux systems, and adding the syslog entry in the /etc/services file. All network services should be disabled. This is done by disabling the internet daemon, inetd, the rpc daemon, portmap or rpcbind, and any other network service. If remote administration is required, it should be enabled with a secure and auditable connection. |
I l @ ve RuBoard |