Date: Tue, 16 Oct 2001 02:28:24 +0200 From: "Roger 'Rocky' Vetterberg" <rocky@ljusdal.net> To: freebsd-questions@FreeBSD.ORG Subject: Re: Syslog questions Message-ID: <3BCB7F28.447C4AF3@ljusdal.net> References: <20011015135221.E48004@dark4ce.com> <20011015221008.A36840@drex.staff.izr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Drayton wrote: > Hanno Liem (freebsd@dark4ce.com) wrote: > > I have a few questions regarding Syslog: > > > > 1. I know it is possible to send a syslog to a different machine; does > > this have any security implications? > > AFAIK the only security issues are DOS based. An attacker could send > enough log messages to a remote host to fill its disk/partition up. You > should only allow trusted clients to log to this remote machine by using > the -a flag to syslogd or a firewall such as ipfw. AFAIK the logs are transmitted using unencrypted protocols, IIRC regular UDP. This could make it possibly for an attacker to sniff the traffic between the machine and the logserver, and hence gain access to the logfiles. I would consider this a security issues, I dont want anyone unauthorized reading my logfiles. __ R To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BCB7F28.447C4AF3>