Manualshelf

Setup guide

ManualsBrandsApple ManualsNetwork CardMac OS X Server
31323334353637383940
DayOf DayOf
#Minute Hour Month Month Week User Command
15 12 * * 2 root periodic weekly
3.10.3 Remote Logging
Using remote logging in addition to local logging is strongly recommended for any
server system because local logs can easily be altered if the system is compromised.
Several security issues must also be considered when making the decision to use
remote logging. First, the syslog process sends log messages in the clear, which
could expose sensitive information. Second, too many log messages will fill storage
space on the logging system, rendering further logging impossible. Third, log files
can indicate suspicious activity only if a baseline of normal activity has been
established, and if they are regularly monitored for such activity. If these security
issues outweigh the security benefit of remote logging for the network being
configured, then remote logging should not be used.
The following instructions assume a remote log server has been configured on the
network. Configuring Mac OS X Server to act as a remote log server is covered in the
System Services chapter. To enable remote logging for a client:
1. Open /etc/syslog.conf as root.
2. Add the following line to the top of the file, replacing your.log.server
with the actual name or IP address of the log server. Make sure to keep all
other lines intact:
*.* @your.log.server
3. Exit, saving changes.
4. Send a hangup signal to syslogd to make it reload the configuration file:
sudo killall – HUP syslogd
3.11 Disabling Hardware Components
Hardware components such as wireless features and microphones should be
physically disabled if possible. Only an Apple Certified Technician should physically
disable these components, which may not be practical in all circumstances. The
following instructions provide an alternative means of disabling these components
by removing the associated kernel extensions. Removing the kernel extensions does
not permanently disable the components; however, administrative access is needed
to re-load them and restore the capabilities.
Although disabling hardware in this manner is not as secure as disabling hardware
physically, it is more secure than only disabling hardware through the System
Preferences. This method of disabling hardware components may not be sufficient
26
UNCLASSIFIED