Date: Tue, 1 Apr 2003 20:11:43 +0400
From: Yar Tikhiy <yar@freebsd.org>
To: security@freebsd.org
Subject: LOG_AUTHPRIV and the default syslog.conf
Message-ID: <20030401161142.GA19845@comp.chem.msu.su>
Hello,

Some time ago I wrote PR conf/48170, which discussed the following problem:

Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE (or higher) are sent by default to the world-readable log file /var/log/messages. That seems unacceptable since the facility LOG_AUTHPRIV is for hiding sensitive log messages inside a protected file, e.g., /var/log/auth.log. For example, login(1) and ftpd(8) send messages about invalid login attempts to LOG_AUTHPRIV|LOG_NOTICE, which makes sense because:

a) a username attempted may happen to be a password typed at a wrong prompt;
b) an invalid login attempt is a thing to notice, so LOG_NOTICE is justified.

The following patch was proposed:

Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.23
diff -u -r1.23 syslog.conf
--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23
+++ syslog.conf 11 Feb 2003 11:39:55 -0000
@@ -6,7 +6,7 @@
 # may want to use only tabs as field separators here.
 # Consult the syslog.conf(5) manpage.
 *.err;kern.debug;auth.notice;mail.crit /dev/console
-*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
 security.* /var/log/security
 auth.info;authpriv.info /var/log/auth.log
 mail.info /var/log/maillog
===================================================================

Since my PR has received no feedback, I'd like to discuss the above problem here before committing my patch. Have I overlooked any complications?

--
Yar
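Review bot: the `+` line depends on selector ordering and carries no explanation of it: syslogd applies the terms of a line left to right, with a later term overriding an earlier one for the same facility, so `authpriv.none` only excludes authpriv from /var/log/messages because it follows `*.notice`; a one-line comment above that line (e.g. `# authpriv is excluded here; it goes to the protected /var/log/auth.log`) would stop a later editor from reordering or "cleaning up" the selector. Two things worth confirming before committing, both visible in the unchanged context: the `*.err` term on the /dev/console line still delivers authpriv messages at err and above to the console, which is presumably acceptable since the console is not a readable file, and the exclusion only protects anything if /var/log/auth.log, the `auth.info;authpriv.info` target, is actually created with restrictive permissions, which this hunk does not arrange.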
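To make the selector semantics the patch relies on concrete, here is an added example (not code from the mail or from the FreeBSD tree) that parses a syslog.conf line the way syslogd does, with later terms overriding earlier ones for the same facility and `none` dropping a facility, and then reports which files receive authpriv.notice while being world-readable. The "before" and "after" configurations are constructed from the lines shown in the diff above; the file modes are constructed rather than read with os.stat, so it runs anywhere. It handles `*`, `none`, a plain level and `=level`; the `!` comparison flag and program/host blocks (`!prog`, `+host`) are deliberately left out, which is a simplifying assumption.

```python
"""Audit a FreeBSD-style syslog.conf for a sensitive facility that is routed
to a world-readable file.  Added example, not from the original mail."""

import stat

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
              "info", "debug"]                      # index 0 is most severe
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "security",
              "console"] + ["local%d" % i for i in range(8)]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


def parse_selector(selector, pmask):
    """Apply one 'facility[,facility].level' term to pmask in place.

    As in syslogd, a later term overwrites an earlier one for the same
    facility: '*.notice;authpriv.none' first admits every facility at
    notice and above, then sets authpriv to the empty set."""
    facs, _, level = selector.rpartition(".")
    level = ALIASES.get(level, level)
    if level == "*":                      # every priority
        allowed = set(range(len(PRIORITIES)))
    elif level == "none":                 # drop this facility entirely
        allowed = set()
    elif level.startswith("="):           # exactly this priority
        allowed = {PRIORITIES.index(level[1:])}
    else:                                 # this priority and more severe
        allowed = set(range(PRIORITIES.index(level) + 1))
    for fac in facs.split(","):
        for f in (FACILITIES if fac == "*" else [fac]):
            pmask[f] = allowed


def parse_conf(text):
    """Return [(pmask, action)] for the global section of a syslog.conf.
    Program/host blocks are not modelled: parsing stops at the first one."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line[0] in "!+-":
            break
        selectors, action = line.rsplit(None, 1)   # last field is the action
        pmask = {}
        for sel in selectors.split(";"):
            parse_selector(sel.strip(), pmask)
        rules.append((pmask, action))
    return rules


def destinations(rules, facility, priority):
    """Actions that receive a message logged as facility.priority."""
    pri = PRIORITIES.index(priority)
    return [action for pmask, action in rules
            if pri in pmask.get(facility, set())]


def world_readable(mode):
    return bool(mode & stat.S_IROTH)


def audit(text, modes, facility="authpriv", priority="notice"):
    """Files that will receive facility.priority and are world-readable.

    `modes` maps a log path to its st_mode; only paths present in it are
    checked, so non-file actions such as /dev/console are skipped."""
    return [d for d in destinations(parse_conf(text), facility, priority)
            if d in modes and world_readable(modes[d])]


# Constructed from the context and +/- lines of the diff in the mail.
BEFORE = """\
*.err;kern.debug;auth.notice;mail.crit\t/dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err\t/var/log/messages
security.*\t/var/log/security
auth.info;authpriv.info\t/var/log/auth.log
mail.info\t/var/log/maillog
"""
AFTER = BEFORE.replace("*.notice;kern.debug",
                       "*.notice;authpriv.none;kern.debug")

# Constructed modes: /var/log/messages world-readable, auth.log owner-only.
MODES = {"/var/log/messages": 0o100644, "/var/log/auth.log": 0o100600,
         "/var/log/security": 0o100600, "/var/log/maillog": 0o100640}

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        rules = parse_conf(conf)
        print(name, "authpriv.notice ->",
              destinations(rules, "authpriv", "notice"),
              "| leaks:", audit(conf, MODES))
```

With the patched line, authpriv.notice reaches only /var/log/auth.log; authpriv.err and above still reach /dev/console through the `*.err` term on the first line, which the audit does not flag because the console is not a file in `MODES`.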
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030401161142.GA19845>