From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: pgsql-ulogd2
Date: Fri, 13 Jul 2012 15:13:03 +0100
Message-ID: <50002CEF.508@googlemail.com>
I just came across the pgsql script for the ulogd2 daemon supplied with the latest sources and since I intend to deploy it (upgrading my system from syslog-ng) I thought to ask about a couple of ideas I have.
As I see it, the script does not have any security/permission policies created or implemented. Is such a feature planned?
If not, I think I have enough PostgreSQL experience and could alter that script to include such an implementation, though I might need help with the NFLOG/ULOGD2 part as I am fairly new to this.
The idea I have is that the ulogd2 daemon should only be allowed INSERT permissions (nothing else) to the log tables, so that even if someone is able to hijack the ulogd2 connection to PostgreSQL somehow, they won't be able to see what has been logged, let alone alter it or delete it.
For certain views, I am sure there is a need for SELECT permission and for others there would even be a need for USAGE or REFERENCES privileges.
I tried to email the author of that script (Pierre - chifflier@inl.fr), but my emails are not getting through for some reason. Thanks!
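
The privilege split proposed in the message above, as an added PostgreSQL example that is not part of the original e-mail or of the ulogd2 sources. The schema, table, view and role names (`fwlog`, `packets`, `recent_packets`, `ulogd_writer`, `log_reader`) are hypothetical and do not come from the ulogd2 pgsql script.

```sql
-- Added example: every object and role name here is hypothetical.
BEGIN;

CREATE ROLE ulogd_writer LOGIN;    -- account the logging daemon connects as
CREATE ROLE log_reader   NOLOGIN;  -- group role for people/tools that read logs

CREATE SCHEMA fwlog;
CREATE TABLE fwlog.packets (
    id        bigserial PRIMARY KEY,
    logged_at timestamptz NOT NULL DEFAULT now(),
    prefix    text,
    src       inet,
    dst       inet
);
CREATE VIEW fwlog.recent_packets AS
    SELECT id, logged_at, prefix, src, dst
    FROM fwlog.packets
    WHERE logged_at > now() - interval '1 day';

-- Make the baseline explicit: nobody but the owner has any access.
REVOKE ALL ON SCHEMA fwlog FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA fwlog FROM PUBLIC;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA fwlog FROM PUBLIC;

-- Writer: may resolve names in the schema and append rows, nothing else.
-- USAGE on the sequence is required because the id default calls nextval().
GRANT USAGE  ON SCHEMA fwlog                 TO ulogd_writer;
GRANT INSERT ON fwlog.packets                TO ulogd_writer;
GRANT USAGE  ON SEQUENCE fwlog.packets_id_seq TO ulogd_writer;

-- Reader: sees only the view; the view runs with its owner's rights,
-- so no SELECT on the base table is needed.
GRANT USAGE  ON SCHEMA fwlog         TO log_reader;
GRANT SELECT ON fwlog.recent_packets TO log_reader;

COMMIT;

-- Audit the writer's effective privileges on the log table.
SELECT priv,
       has_table_privilege('ulogd_writer', 'fwlog.packets', priv) AS granted
FROM unnest(ARRAY['INSERT','SELECT','UPDATE','DELETE','TRUNCATE']) AS priv;

-- Constructed sample row, inserted as the writer role.
SET ROLE ulogd_writer;
INSERT INTO fwlog.packets (prefix, src, dst)
VALUES ('constructed-sample', '192.0.2.10', '198.51.100.7');
RESET ROLE;
```

A client that issues `INSERT ... RETURNING` also needs SELECT on the returned columns, so an INSERT-only role only works if the writer does not read back what it inserts.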