From owner-freebsd-arch Mon Mar 20 21:18:18 2000
Date: Mon, 20 Mar 2000 21:15:47 -0800 (PST)
From: Doug Barton
To: Nick Johnson
Cc: arch@freebsd.org
Subject: Re: syslogd_flags in /etc/defaults/rc.conf

This is really the kind of discussion that should take place on
arch, unless someone changed their mind again. :)

On Mon, 20 Mar 2000, Nick Johnson wrote:

> I'm curious to see if anyone is like-minded with me that syslogd_flags in
> /etc/defaults/rc.conf should be "-ss" instead of "". I reasoned that it
> should be, considering:
>
> 1. Most people don't direct syslogs at other machines in my experience.

1a. The people that do know how to change the flags.

> 2. Someone could conceivably DOS a machine by directing tons of crap at
>    port 121, which is also noted in the BUGS section of the syslogd
>    manpage.

Seen it happen, not pretty. My customer asked me why freebsd
shipped with this vulnerability enabled. I had no answer.

> 3. Syslogd runs as root, and while it is a mature piece of code, I think
>    it preferable to minimize the number of root applications listening
>    on sockets.

I would further propose that the flags be -ssvv, which would go a
long ways toward teaching new system administrators what is logged where,
and why.

Thanks for the great suggestion,

Doug
--
"While the future's there for anyone to change, still you know it seems,
it would be easier sometimes to change the past"
- Jackson Browne, "Fountain of Sorrow"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

From owner-freebsd-arch Wed Mar 22 1:58:41 2000
From: Sheldon Hearn
To: Doug Barton
Cc: Nick Johnson, arch@freebsd.org
Subject: Re: syslogd_flags in /etc/defaults/rc.conf
Date: Wed, 22 Mar 2000 11:57:00 +0200

On Mon, 20 Mar 2000 21:15:47 PST, Doug Barton wrote:

> I would further propose that the flags be -ssvv, which would go a
> long ways toward teaching new system administrators what is logged where,
> and why.

The problem with -ss is that it prevents logging from the local host to
a remote host.

Ciao,
Sheldon.

From owner-freebsd-arch Wed Mar 22 2:22:28 2000
Date: Wed, 22 Mar 2000 12:19:24 +0200
From: Ruslan Ermilov
To: Sheldon Hearn
Cc: Doug Barton, Nick Johnson, arch@freebsd.org
Subject: Re: syslogd_flags in /etc/defaults/rc.conf

On Wed, Mar 22, 2000 at 11:57:00AM +0200, Sheldon Hearn wrote:
> On Mon, 20 Mar 2000 21:15:47 PST, Doug Barton wrote:
>
> > I would further propose that the flags be -ssvv, which would go a
> > long ways toward teaching new system administrators what is logged where,
> > and why.
>
> The problem with -ss is that it prevents logging from the local host to
> a remote host.
>
What is wrong with single -s mode (the default one nowadays)?
It effectively prevents logging from remote hosts by shutting
down reads on UDP socket.

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-arch Wed Mar 22 10:34: 1 2000
Date: Wed, 22 Mar 2000 13:32:23 -0500
From: Bill Fumerola
To: Ruslan Ermilov
Cc: Sheldon Hearn, Doug Barton, Nick Johnson, arch@freebsd.org
Subject: Re: syslogd_flags in /etc/defaults/rc.conf

On Wed, Mar 22, 2000 at 12:19:24PM +0200, Ruslan Ermilov wrote:

> What is wrong with single -s mode (the default one nowadays)?
> It effectively prevents logging from remote hosts by shutting
> down reads on UDP socket.

Nothing, which is why I committed that a few days ago...

--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf@chc-chimes.com / billf@FreeBSD.org
Office: 800-252-2421 x128 / Cell: 248-761-7272
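
Added example, not part of the thread or of FreeBSD's own scripts: a POSIX sh check that reads rc.conf text, takes the last syslogd_flags assignment, and reports whether that value leaves the UDP socket readable, read-disabled (-s) or unopened (-ss), as the posters describe. The function names, the sample rc.conf text, the use of /etc/rc.conf as the override file and the list of argument-taking options are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: what a syslogd_flags value means for
# network logging, per the -s / -ss behaviour the posters describe.

# Options that take an argument (assumed from the syslogd(8) synopsis;
# adjust for the syslogd in use). Their argument must not be scanned for "s".
ARG_OPTS="abflMmOPpS"

# count_s FLAGS: print how often -s is given, clustered (-ssvv) or separate.
count_s() (
    set -f                      # no globbing while splitting FLAGS
    n=0; skip=0
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in -?*) rest=${word#-} ;; *) continue ;; esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}; rest=${rest#?}
            case $ARG_OPTS in *"$c"*)
                if [ -z "$rest" ]; then skip=1; fi
                break ;;
            esac
            if [ "$c" = s ]; then n=$((n + 1)); fi
        done
    done
    echo "$n"
)

# classify FLAGS: map the -s count to the behaviour described in the thread.
classify() {
    case $(count_s "$1") in
        0) echo "open: reads remote messages from the UDP socket" ;;
        1) echo "secure: remote messages not read, forwarding still possible" ;;
        *) echo "closed: no network socket, cannot log to a remote host" ;;
    esac
}

# effective_flags: read rc.conf text on stdin; the last assignment wins, as
# /etc/rc.conf is read after /etc/defaults/rc.conf.
effective_flags() {
    sed -n 's/^syslogd_flags="\([^"]*\)".*/\1/p' | tail -n 1
}

# Constructed sample: a defaults entry followed by a local override.
SAMPLE='syslogd_enable="YES"
syslogd_flags=""
syslogd_flags="-ssvv"'
printf '%s\n' "$SAMPLE" | effective_flags      # effective value
classify "$(printf '%s\n' "$SAMPLE" | effective_flags)"
```

On a live host the same functions can be fed with `cat /etc/defaults/rc.conf /etc/rc.conf | effective_flags`.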