Re: pgsql-ulogd2

Hello,

On Friday 13 July 2012 at 15:13 +0100, Mr Dash Four wrote:
> I just came across the pgsql script for the ulogd2 daemon supplied with the latest sources and since I intend to deploy it (upgrading my system from syslog-ng) I thought to ask about a couple of ideas I have.
> 
> As I see it, the script does not have any security/permission policies created or implemented. Is such a feature planned?

No work is planned on that but it is a good idea.

> 
> If not, I think I have enough PostgreSQL experience and could alter that script to include such implementation, though I might need help with the NFLOG/ULOGD2 part as I am fairly new to this.

I'm here to help ;)

> The idea I have is that the ulogd2 daemon should only be allowed INSERT permissions (nothing else) to the log tables, so that even if someone is able to hijack the ulogd2 connection to PostgreSQL somehow, they won't be able to see what has been logged, let alone alter it or delete it.

That's a sane setup.

> 
> For certain views, I am sure there is a need for SELECT permission and for others there would even be a need for USAGE or REFERENCES privileges.
> 
> I tried to email the author of that script (Pierre - chifflier@xxxxxx), but my emails are not getting through for some reason. Thanks!

INL company is dead but I'm sure that Pierre is still reading this ML
from another mail ;)

BR,
-- 
Eric Leblond 
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
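
The INSERT-only setup discussed in this thread, sketched for PostgreSQL as an added example; it is not part of the original message and not taken from the ulogd2 pgsql script. The role, table and view names (ulogd_writer, ulogd_reader, fw_log, fw_log_recent) are hypothetical, and the sample row is constructed.

```sql
-- Added example. All object names are hypothetical placeholders, not the
-- names used by the ulogd2 pgsql schema. Run as the schema owner/superuser.
BEGIN;

CREATE ROLE ulogd_writer LOGIN;    -- account the logging daemon connects as
CREATE ROLE ulogd_reader NOLOGIN;  -- group role for people who review logs

CREATE TABLE fw_log (
    id        bigserial PRIMARY KEY,
    logged_at timestamptz NOT NULL DEFAULT now(),
    prefix    text,
    src       inet,
    dst       inet
);

-- Start from an empty privilege set on the table and its sequence.
REVOKE ALL ON fw_log FROM PUBLIC, ulogd_writer, ulogd_reader;
REVOKE ALL ON SEQUENCE fw_log_id_seq FROM PUBLIC, ulogd_writer, ulogd_reader;

-- Writer: INSERT and nothing else on the table.
GRANT INSERT ON fw_log TO ulogd_writer;
-- The bigserial default calls nextval() as the inserting role, which
-- requires USAGE on the sequence. USAGE does not expose any logged row.
GRANT USAGE ON SEQUENCE fw_log_id_seq TO ulogd_writer;

-- Reader: SELECT through a view only. The view reads fw_log with its
-- owner's rights, so ulogd_reader needs no privilege on the table itself.
CREATE VIEW fw_log_recent AS
    SELECT id, logged_at, prefix, src, dst
    FROM fw_log
    WHERE logged_at > now() - interval '7 days';
REVOKE ALL ON fw_log_recent FROM PUBLIC;
GRANT SELECT ON fw_log_recent TO ulogd_reader;

COMMIT;

-- Audit the result: the writer should hold INSERT only, the reader
-- should hold SELECT on the view and nothing on the base table.
SELECT has_table_privilege('ulogd_writer', 'fw_log', 'INSERT') AS writer_insert,
       has_table_privilege('ulogd_writer', 'fw_log',
                           'SELECT, UPDATE, DELETE, TRUNCATE') AS writer_other,
       has_table_privilege('ulogd_reader', 'fw_log', 'SELECT') AS reader_table,
       has_table_privilege('ulogd_reader', 'fw_log_recent', 'SELECT') AS reader_view;

-- Exercise the writer path with a constructed row.
SET ROLE ulogd_writer;
INSERT INTO fw_log (prefix, src, dst)
VALUES ('constructed-sample', '192.0.2.10', '198.51.100.20');
RESET ROLE;
```

An INSERT ... RETURNING from the writer role needs SELECT on the returned columns, so a logging path that relies on RETURNING will fail under this grant set unless it goes through a function owned by a more privileged role.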
