This also puts inoticoming in place of incrond which was unsafe (its use of system() allows for an attacker to execute arbitrary commands by using malicious filenames) and made it impossible to see any logs on AWS CloudWatch. The current approach logs with no buffering, leading to an "almost realtime" stream on CloudWatch.
This also puts inoticoming in place of incrond which was unsafe (its use of
system()
allows for an attacker to execute arbitrary commands by using malicious filenames) and made it impossible to see any logs on AWS CloudWatch. The current approach logs with no buffering, leading to an "almost realtime" stream on CloudWatch.