Date:      Tue, 16 Oct 2001 02:28:24 +0200
From:      "Roger 'Rocky' Vetterberg" <rocky@ljusdal.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Syslog questions
Message-ID:  <3BCB7F28.447C4AF3@ljusdal.net>
References:  <20011015135221.E48004@dark4ce.com> <20011015221008.A36840@drex.staff.izr.com>

Mark Drayton wrote:

> Hanno Liem (freebsd@dark4ce.com) wrote:
> > I have a few questions regarding Syslog:
> >
> > 1. I know it is possible to send a syslog to a different machine; does
> > this have any security implications?
>
> AFAIK the only security issues are DOS based. An attacker could send
> enough log messages to a remote host to fill its disk/partition up. You
> should only allow trusted clients to log to this remote machine by using
> the -a flag to syslogd or a firewall such as ipfw.

AFAIK the logs are transmitted using unencrypted protocols, IIRC regular UDP.
This could make it possible for an attacker to sniff the traffic between the
machine and the logserver, and hence gain access to the logfiles.
I would consider this a security issue; I don't want anyone unauthorized
reading my logfiles.

__
R
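
The two points raised in this thread, as an added example that is not part of the original messages: the payload of a BSD-style syslog datagram is readable text to anyone holding the bytes, and a peer allowlist on the log host (the role played by `-a` or a firewall rule) limits who can write to it but does nothing about reading. The sample datagram, the addresses, and the function names are constructed for illustration; this is not syslogd's own code.

```python
import ipaddress
import re

# Constructed sample: the UDP payload a BSD-style syslog sender would emit.
# Nothing here is encrypted; the bytes on the wire are the log line itself.
SAMPLE_DATAGRAM = b"<38>Oct 16 02:28:24 web1 sshd[412]: Failed password for root from 198.51.100.7"

# Hypothetical allowlist, playing the role of "-a 192.0.2.0/24" on the log host.
ALLOWED_PEERS = [ipaddress.ip_network("192.0.2.0/24")]

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_datagram(payload):
    """Recover facility, severity and text from raw payload bytes, as anyone
    with a packet capture of the log traffic could."""
    m = PRI_RE.match(payload)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facility 23, severity 7 is the largest valid PRI
        return None
    fac, sev = divmod(pri, 8)  # PRI = facility * 8 + severity
    name = FACILITIES[fac] if fac < len(FACILITIES) else "facility%d" % fac
    return {"facility": name, "severity": SEVERITIES[sev],
            "text": m.group(2).decode("ascii", "replace")}


def accept(source_ip, payload, allowed=ALLOWED_PEERS):
    """Receiver-side filter: drop datagrams from peers outside the allowlist
    before they reach disk, then parse what remains."""
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in net for net in allowed):
        return None
    return decode_datagram(payload)


if __name__ == "__main__":
    print(decode_datagram(SAMPLE_DATAGRAM))        # what a capture reveals
    print(accept("192.0.2.10", SAMPLE_DATAGRAM))   # trusted client: stored
    print(accept("203.0.113.5", SAMPLE_DATAGRAM))  # untrusted peer: dropped
```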

