[Announce] Nulog 1.1.0 is available
eric at inl.fr
Sun Jul 3 23:43:15 CEST 2005
Le vendredi 01 juillet 2005 à 15:34 -0400, R. DuFresne a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> considering the history of php, and many php applications and their
> bi-weekly appearance in the various sec lists for newly discovered vulns,
> how afe is this application and would one want to place it on or near
> their main security device?
This application exists since some years now and we have proceed to some
code audits and have carefully checked user entries to avoid SQL
injection or other problems.
The other point is that this application has not to be available for
evryone has it contains private information. Thus, it can be protected
from "bad people" by authentication or other mean. To be simple, access
has to be restricted to admins.
An other point is that permissions on the MySQL database should and can
be carefully set to have only read-only permission on the table
containing the ulogd/NuFW logs. This restricted permissions can assure
that the logged datas can not be corrupted. Futhermore, in the case of
an Ulogd installation, the logged packets can be duplicated in syslog,
thus any hypothetic datas corruption is armless.
Finally, as ulogd can log on a database running on a separate host, your
firewall is safe as there is no server running on it.
Eric Leblond <eric at inl.fr>
More information about the netfilter