Date:      Sat, 22 Aug 1998 00:03:38 -0700 (PDT)
From:      Ben <spy@tyr.office.efn.org>
To:        Andrew McNaughton <andrew@squiz.co.nz>
Cc:        "Jan B. Koum " <jkb@best.com>, ben@efn.org, Jon Hamilton <hamilton@pobox.com>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, dima@best.net, jkh@time.cdrom.com, security@FreeBSD.ORG
Subject:   Re: Shipping syslogd with "-s" (Was: Re: Scaring the bezeesus ..)
Message-ID:  <Pine.BSF.3.96.980821234910.26762F-100000@Tyr.office.EFN.org>
In-Reply-To: <Pine.BSF.3.96.980822175255.12678A-100000@aniwa.sky>

On Sat, 22 Aug 1998, Andrew McNaughton wrote:
> Subject: Re: Shipping syslogd with "-s" (Was: Re: Scaring the bezeesus ..)
> 
> On Fri, 21 Aug 1998, Jan B. Koum  wrote:
> 
> From the syslogd man page I'm not entirely clear on how these options
> interact.
> 
> >   -a allowed_peer
> >         Allow allowed_peer to log to this syslogd using UDP datagrams.
> >         Multiple -a options may be specified.
> 
> If one has to specify that a host is allowed to log packets to this host,
> then it seems reasonable to assume that this is not allowed unless so
> specified ... or perhaps that's only the case if -s is used?

From syslogd.c:
                case 'a':               /* allow specific network addresses only */
                        if (allowaddr(optarg) == -1)
                                usage();
                        break;
So, deny all, except those hosts you specify with -a host.org -a ip.ip.ip.ip

> 
> >   -s      Operate in secure mode.  Do not listen for log message from
> >           remote machines.
> 
> I'd have thought that meant syslogd didn't even look at incoming packets
> if this was set, which I suppose reduces the chance of some bug turning up
> in it ... or perhaps the default is that packets are accepted? 

From syslogd.c:
                case 's':               /* no network mode */
                        SecureMode++;
                        break;
Specifying both -s and -a is like fueling up your car and taking out the engine.

> 
> 
> Could someone clarify this?  Preferably the man page should be clarified. 

The man page does need a bit of clarification, adding the fact that 'a' and 's'
are mutually exclusive, that -s kills all network activity, and that 'a's 
policy is default DENY would be very helpful.

> 
> Is there a way to send log entries to a remote machine from the command
> line so I can more easily test how this works?

No, just add a @host in syslogd.conf and HUP it.

> Andrew McNaughton

	-ben@efn.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
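Besides the @host-in-syslog.conf-and-HUP route described above, the quickest way to see what a remote syslogd accepts or silently drops under -a is to put a raw datagram on the wire yourself. The script below is an added example for this thread, not code from the thread or from FreeBSD: it builds a BSD-format syslog datagram (<PRI>TIMESTAMP HOSTNAME TAG: MSG, PRI = facility*8 + severity, UDP port 514) and models the default-deny -a policy that the quoted allowaddr() case implies. The allow-list entries it accepts (single IPs, hostnames, and also networks in CIDR form) go beyond the single-peer form shown in the man page excerpt; the CIDR form, the host names and the addresses are assumptions for illustration.

```python
import ipaddress
import socket
import time

# Facility and severity codes from the BSD syslog protocol (later written
# down as RFC 3164); the PRI field is facility * 8 + severity.
LOG_USER = 1
LOG_AUTH = 4
LOG_WARNING = 4
LOG_INFO = 6


def build_pri(facility: int, severity: int) -> int:
    """Encode the <PRI> value that opens every syslog datagram."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0..23 and severity 0..7")
    return facility * 8 + severity


def bsd_timestamp(when: float) -> str:
    """'Mmm dd hh:mm:ss' with a space-padded day, the form BSD syslogd writes."""
    t = time.localtime(when)
    return "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                          time.strftime("%H:%M:%S", t))


def build_datagram(facility: int, severity: int, hostname: str,
                   tag: str, msg: str, when: float = None) -> bytes:
    """Assemble '<PRI>TIMESTAMP HOSTNAME TAG: MSG', which is what a syslogd
    relaying via an '@host' line in syslog.conf puts on the wire."""
    if when is None:
        when = time.time()
    line = "<%d>%s %s %s: %s" % (build_pri(facility, severity),
                                 bsd_timestamp(when), hostname, tag, msg)
    return line.encode("ascii", "replace")


def peer_allowed(peer_ip: str, allowed: list) -> bool:
    """Default-deny check modelled on the -a semantics: a peer may log only
    if it matches an allow-list entry. An entry is an IP address, a network
    in CIDR form (assumption: the quoted man page shows single peers only),
    or a hostname resolved on the spot. An empty list denies everyone."""
    peer = ipaddress.ip_address(peer_ip)
    for entry in allowed:
        try:
            if peer in ipaddress.ip_network(entry, strict=False):
                return True
            continue
        except ValueError:
            pass  # not an address or network: treat it as a hostname
        try:
            if peer == ipaddress.ip_address(socket.gethostbyname(entry)):
                return True
        except (socket.gaierror, ValueError):
            pass  # an unresolvable name grants nothing
    return False


def send_test_message(loghost: str, datagram: bytes, port: int = 514) -> int:
    """Fire one datagram at a remote syslogd over UDP; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(datagram, (loghost, port))


if __name__ == "__main__":
    # Constructed values: point loghost at the machine whose syslogd you
    # started with -a, then watch its log file (or tcpdump port 514).
    loghost = "127.0.0.1"
    dgram = build_datagram(LOG_USER, LOG_INFO, "client.example",
                           "test", "remote syslog check")
    print(dgram.decode())
    print("allowed by '-a 192.0.2.10':", peer_allowed("192.0.2.10", ["192.0.2.10"]))
    print("allowed with no -a at all: ", peer_allowed("192.0.2.10", []))
    send_test_message(loghost, dgram)
```

Run it from a host that is not on the -a list and the message should never appear in the remote log; add that host with -a, restart syslogd, and it should. A syslogd started with -s does not listen at all, so the same datagram vanishes whatever -a says, which is the "fuel up the car and take out the engine" point above.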
