Date: Mon, 27 Jul 1998 18:09:28 -0400 (EDT)
From: woods@zeus.leitch.com (Greg A. Woods)
To: "Jan B. Koum " <jkb@best.com>
Cc: security@FreeBSD.ORG
Subject: Re: files in /var/log
Message-ID: <199807272209.SAA14388@brain.zeus.leitch.com>
In-Reply-To: Jan B. Koum 's message of "Mon, July 27, 1998 11:30:30 -0700" regarding "Re: files in /var/log " id <Pine.BSF.3.96.980727112528.29202C-100000@shell6.ba.best.com>
References: <24385.901543204@iafrica.com> <Pine.BSF.3.96.980727112528.29202C-100000@shell6.ba.best.com>
[ On Mon, July 27, 1998 at 11:30:30 (-0700), Jan B. Koum wrote: ]
> Subject: Re: files in /var/log
>
> There are many reasons. With /var/log/maillog it is privacy
> issues: do you really want everyone on your system to know you sent mail
> to sales@class-sex-toys.com or that you are exchanging mail with your
> competitor.

Some of the other BSDs do ship with /var/log/mail at mode 640. However on
my own machines the mailer logs are a matter of public record and
available for all to see. Local policy should dictate and so far as I'm
concerned the default should be more open than not.

> With /var/log/messages -- well, there is NOTHING there that
> average user needs. If you are an admin, you are most likely in the wheel
> group already and should have read access to /var/log/messages w/o doing
> su(1). People sometimes might enter their password at the login: prompt --
> do you want all your users to read this? Do you want all your users to
> know other similar information? If so, chmod a+r /var/log/messages on your
> system. I still think by default we should ship /var/log/* files group
> read and world nothing.

/var/log/messages should never contain bad login records. They go in
/var/log/authpriv, which unfortunately FreeBSD doesn't have by default.

Making /var/log/messages unreadable by everyone would be very very very
unfriendly in my books -- this is something any user should be able to
look at.

Again, local policy should dictate, and in general everything but stuff
to the authpriv facility (and maybe auth too) should be readable by
everyone by default. See for example syslog(3)'s advice:

     LOG_AUTHPRIV    The same as LOG_AUTH, but logged to a file readable
                     only by selected individuals.
Here's my /etc/syslog.conf:

*.err;kern.*;auth.warning;authpriv.none;mail.crit	/dev/console
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none	/var/log/messages
kern.debug						/var/log/messages

# the master debug file should not be world readable
*.*							/var/log/debug

# these files can be world readable to assist users
daemon.*						/var/log/daemon
kern.*							/var/log/kern
lpr.*							/var/log/lpr
mail.*							/var/log/mail
news.info						/var/log/news
syslog.*						/var/log/syslog
user.*							/var/log/user
uucp.info						/var/log/uucp
local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.*	/var/log/local

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth.*							/var/log/auth
authpriv.*						/var/log/authpriv

cron.info						/var/cron/log
ftp.info						/var/log/xferlog
lpr.info						/var/log/lpd-errs
#uucp.info						/var/spool/uucp/ERRORS

# immediate warnings
*.emerg							*
*.alert;kern.err;daemon.err;auth.warning;user.none	root,operator

-- 
Greg A. Woods

+1 416 443-1734      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
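As an added example (not part of Greg's message or of FreeBSD's own syslogd code), the Python checker below parses a syslog.conf of the plain facility.level form used above, following the BSD rule that each ';'-separated selector overrides earlier ones for the facilities it names, and lists every action fed by a given facility. That shows where authpriv messages actually land, including the catch-all /var/log/debug file, and which of those files are world-readable. It assumes only the selector syntax shown in the posted config (no comparison, program or hostname selectors), and takes file modes as a constructed dict standing in for os.stat on a real host.

```python
import stat

# Constructed sample: the auth-related lines of the syslog.conf posted above.
SAMPLE_CONF = """\
*.err;kern.*;auth.warning;authpriv.none;mail.crit  /dev/console
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none   /var/log/messages
# the master debug file should not be world readable
*.*                                                /var/log/debug
auth.*                                             /var/log/auth
authpriv.*                                         /var/log/authpriv
*.emerg                                            *
"""

LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def receives(selector_field, facility, level):
    """True if a (facility, level) message matches one selector field.
    Each ';'-separated selector overrides earlier ones for the facilities it
    names, and 'facility.none' drops that facility again (BSD semantics)."""
    threshold = None  # index into LEVELS, or None when the facility is excluded
    for sel in selector_field.split(";"):
        facs, _, lvl = sel.rpartition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if lvl == "none":
            threshold = None
        else:
            threshold = 0 if lvl == "*" else LEVELS.index(lvl)
    return threshold is not None and LEVELS.index(level) >= threshold

def destinations_for(conf, facility, level="info"):
    """Every action (file, device or user list) fed by facility at >= level."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)  # whitespace separates the fields
        if receives(selector, facility, level) and action not in out:
            out.append(action)
    return out

def world_readable_files_for(conf, facility, modes, level="info"):
    """Log files fed by facility whose st_mode grants read to 'other'.
    modes maps path -> st_mode (constructed here; os.stat on a real host)."""
    return [a for a in destinations_for(conf, facility, level)
            if a in modes and modes[a] & stat.S_IROTH]
```

destinations_for(SAMPLE_CONF, "authpriv") returns both /var/log/debug and /var/log/authpriv, which is exactly why the comment in the posted config marks the debug file as not world-readable; world_readable_files_for with a mode of 0644 on /var/log/debug reports that file as the leak.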