[Info-vax] ossec
plugh
jchimene at gmail.com
Sat Apr 8 15:28:02 EDT 2023
On Saturday, April 8, 2023 at 11:35:17 AM UTC-7, Arne Vajhøj wrote:
> On 4/8/2023 1:52 PM, plugh wrote:
> > On Saturday, April 8, 2023 at 9:55:49 AM UTC-7, Arne Vajhøj wrote:
> >> On 4/7/2023 8:37 PM, plugh wrote:
> >>> I think all that's necessary for the "hids" subsystem is to
> >>> mount a VMS log directory in *nix. The parser is available now under
> >>> the ossec server subsystem.
> >> I am not sure that NFS mounting the directories where the critical
> >> log files on VMS reside would be improving security.
> >
> > I disagree. I'm sure there's a way to safely mount disks R/O remotely
> > even under VMS; which techniques depend on your definition of
> > "secure". If that's what you're proposing for not researching porting
> > the server architecture, fine. If VMS is too spavined to handle
> > connections from a *nix server then this topic isn't worth
> > discussing.
> security.audit$journal, accountng.dat and various log files
> are in sys$manager. RDB put a log file in SYS$SYSTEM.
> Apache log files are in APACHE$SPECIFIC:[LOGS], which is
> disk:[SYS0.SYSCOMMON.APACHE.SPECIFIC.node.LOGS].
>
> I do not like the idea of NFS mounting those directories
> not even readonly with appropriate access control - too risky
> that some critical information could leak out that way.
>
> Another way to get information over to ossec has to be found.
> IMHO.
>
> Arne
Can we limn that fear?