Setup guide
UNCLASSIFIED
Chapter 4 – Configuring System Settings
#Minute Hour DayOfMonth Month DayOfWeek User Command
15      12   *          *     2         root periodic weekly
Remote Logging
Using remote logging is recommended in addition to local logging because local logs
can easily be altered or deleted if the system is compromised. However, remote logging
is not always possible; a laptop, for example, may not always be connected to a
network and therefore can only store logs locally. Several security issues must also
be considered when deciding to use remote logging. First, syslogd forwards log
messages across the network in the clear, neither encrypted nor authenticated, which
could expose sensitive information to anyone who can observe the traffic. Second,
too many log messages will fill the storage space on the logging system, rendering
further logging impossible, so the log server needs adequate capacity and log
rotation. Third, log files can indicate suspicious activity only if a baseline of
normal activity has been established and the logs are regularly reviewed for
deviations from it.
The following instructions assume a remote log server has been configured on the
network. Although it is possible to configure a Mac OS X system as a remote log
server, that topic is out of the scope of this guide. To enable remote logging for a
client:
1. Start the Terminal application, in /Applications/Utilities.
2. To edit /etc/syslog.conf as root, issue the command:
sudo pico /etc/syslog.conf
3. Add the following line to the top of the file, replacing your.log.server with
the actual name or IP address of the log server. Make sure to keep all other
lines intact:
*.* @your.log.server
4. Exit, saving changes.
5. Send a hangup signal (SIGHUP) to syslogd so that it reloads the configuration file:
sudo killall -SIGHUP syslogd
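The five steps above collected into one script, added here as an example and not taken from the guide. It edits a syslog.conf file idempotently (a second run does not add a duplicate forwarding line), keeps every existing line, and performs the reload as a separate function. It assumes the classic BSD syslogd that the guide describes, which reads /etc/syslog.conf and forwards over UDP port 514 in the clear; current macOS releases no longer read that file, so the script is exercised on a constructed copy. your.log.server and the sample configuration lines are placeholders.

```shell
#!/bin/sh
# Added example, not part of the guide: forward all syslog messages to a
# remote log server by editing a syslog.conf file idempotently, then reload
# syslogd. Assumes the classic BSD syslogd (one selector, whitespace, one
# action per line). "your.log.server" and the sample configuration below
# are constructed placeholders.

# add_remote_log_target CONF SERVER
# Prepend "*.*<TAB>@SERVER" to CONF unless a line already forwards
# everything to SERVER. Returns 0 on success, 1 for an empty SERVER,
# 2 if CONF is not readable. All existing lines are kept.
add_remote_log_target() {
    conf=$1
    server=$2
    [ -n "$server" ] || return 1
    [ -r "$conf" ] || return 2
    # awk splits on any whitespace, so a tab or spaces between the
    # selector and the action are both recognised as "already present".
    if awk -v s="@$server" '$1 == "*.*" && $2 == s { found = 1 }
                            END { exit !found }' "$conf"; then
        return 0
    fi
    tmp="$conf.tmp.$$"
    # Selector and action separated by a tab: the form every syslogd accepts.
    printf '*.*\t@%s\n' "$server" > "$tmp"
    cat "$conf" >> "$tmp"
    mv "$tmp" "$conf"
}

# count_remote_targets CONF
# Print how many non-comment lines forward to a remote host (action starts with @).
count_remote_targets() {
    grep -c '^[^#].*[[:space:]]@' "$1" || :
}

# reload_syslogd
# Step 5 of the guide: make syslogd re-read its configuration. Needs root;
# returns non-zero if no syslogd process is running.
reload_syslogd() {
    pkill -HUP -x syslogd
}

# Demonstration on a constructed copy, so the real /etc/syslog.conf is untouched.
demo_dir=$(mktemp -d)
demo_conf="$demo_dir/syslog.conf"
printf '%s\n' '# constructed sample, not a real Mac OS X syslog.conf' > "$demo_conf"
printf '*.err;kern.*;auth.notice\t/dev/console\n' >> "$demo_conf"
printf '*.notice;kern.debug;mail.crit\t/var/log/system.log\n' >> "$demo_conf"
add_remote_log_target "$demo_conf" "your.log.server"
add_remote_log_target "$demo_conf" "your.log.server"   # second call is a no-op
echo "remote targets: $(count_remote_targets "$demo_conf")"   # 1
cat "$demo_conf"
rm -rf "$demo_dir"
```

To apply it to a live system, call add_remote_log_target on /etc/syslog.conf and then reload_syslogd, both as root. Because the forwarded traffic is unencrypted and unauthenticated, confine it to a trusted management network or tunnel it, and confirm on the log server that messages from the client actually arrive before relying on them.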
Disabling Hardware Components
Hardware components such as wireless features and microphones should be
physically disabled if possible. Only an Apple Certified Technician should physically
disable these components, which may not be practical in all circumstances. The
following instructions provide an alternative means of disabling these components
by removing the associated kernel extensions. Removing the kernel extensions does