Secure syslog host
A modest machine with enough disk
Almost no network services offered
Accepts syslog requests from local hosts and writes them to disk as insurance against hacker interference with those hosts
Could also serve as the read-only repository for the Tripwire databases
Not currently in use but under consideration
Notes:
Some of the system logs on the hacked systems appeared to have been erased or otherwise interfered with after the hacker got in. This could be embarrassing. We are seriously considering having a very secure machine whose only job is to act as a “night safe” to which any of our systems could make syslog requests to create entries that a hacker could not subsequently interfere with.
Such a host would run a syslog daemon but would offer otherwise almost no network services. Even terminal logons can be limited to the machine’s own console and to a small subset of administrators.
Such a host would not need to be a powerful machine (even if the hacker managed to identify it and deluge it with network traffic it would presumably have already logged enough information to be useful).
This could also be a secure home for the Tripwire databases; it could make them available via read-only mountable filesystems or via a carefully configured TFTP service(?)
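As an added illustration of the "night safe" receiver described above (example code, not part of the original notes), this is a minimal UDP syslog listener that accepts entries only from an allowlist of our own hosts, decodes the BSD-style PRI header into facility and severity, stamps each entry with the loghost's own clock rather than the sender's, and appends it to disk. The source addresses and the log path are constructed assumptions.

```python
import socket
import re
from datetime import datetime, timezone

# Hosts allowed to log here (constructed example addresses; a real loghost
# would list only its own local systems).
ALLOWED_SOURCES = {"192.0.2.10", "192.0.2.11"}

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock", "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_syslog(datagram: bytes):
    """Split a BSD-style syslog datagram into (facility, severity, text).
    Malformed or missing <PRI> headers are recorded as user.notice."""
    m = _PRI_RE.match(datagram)
    if m and int(m.group(1)) < 192:
        pri, text = int(m.group(1)), m.group(2)
    else:
        pri, text = 13, datagram   # 13 == user.notice
    facility, severity = FACILITIES[pri // 8], SEVERITIES[pri % 8]
    return facility, severity, text.decode("ascii", "replace").rstrip("\r\n")

def format_entry(src_ip, datagram, now=None):
    """Return the line to append to the night-safe log, or None if the sender
    is not one of our hosts. The timestamp comes from this host's clock, so a
    hacker on the sending host cannot backdate what is recorded here."""
    if src_ip not in ALLOWED_SOURCES:
        return None
    fac, sev, text = parse_syslog(datagram)
    now = now or datetime.now(timezone.utc)
    return f"{now:%Y-%m-%dT%H:%M:%SZ} {src_ip} {fac}.{sev} {text}"

def serve(logfile="/var/log/nightsafe.log", port=514):
    """Listen for UDP syslog and append each accepted entry to disk."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    with open(logfile, "a", buffering=1) as log:   # line-buffered append
        while True:
            data, (src_ip, _) = sock.recvfrom(8192)
            line = format_entry(src_ip, data)
            if line is not None:
                log.write(line + "\n")
```

Run `serve()` as root on the loghost (port 514 is privileged) and point each client's syslogd at it; entries from any address not in the allowlist are silently dropped.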