Date: Tue, 16 Oct 2001 08:57:11 +0100 From: Mark Drayton <mark.drayton@izr.com> To: freebsd-questions@FreeBSD.ORG Subject: Re: Syslog questions Message-ID: <20011016085711.A40129@drex.staff.izr.com> In-Reply-To: <3BCB7F28.447C4AF3@ljusdal.net>; from rocky@ljusdal.net on Tue, Oct 16, 2001 at 02:28:24AM %2B0200 References: <20011015135221.E48004@dark4ce.com> <20011015221008.A36840@drex.staff.izr.com> <3BCB7F28.447C4AF3@ljusdal.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Roger 'Rocky' Vetterberg (rocky@ljusdal.net) wrote: > Mark Drayton wrote: > > > Hanno Liem (freebsd@dark4ce.com) wrote: > > > I have a few questions regarding Syslog: > > > > > > 1. I know it is possible to send a syslog to a different machine; > > > does this have any security implications? > > > > AFAIK the only security issues are DOS based. An attacker could send > > enough log messages to a remote host to fill its disk/partition up. > > You should only allow trusted clients to log to this remote machine > > by using the -a flag to syslogd or a firewall such as ipfw. > > AFAIK the logs are transmitted using unencrypted protocols, IIRC > regular UDP. This could make it possibly for an attacker to sniff the > traffic between the machine and the logserver, and hence gain access > to the logfiles. I would consider this a security issues, I dont want > anyone unauthorized reading my logfiles. Oh, erm. There is that of course :~) Cheers, -- Mark Drayton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011016085711.A40129>