From: "Roger 'Rocky' Vetterberg"
Reply-To: rocky@ljusdal.net
Date: Tue, 16 Oct 2001 02:28:24 +0200
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Syslog questions
Message-ID: <3BCB7F28.447C4AF3@ljusdal.net>

Mark Drayton wrote:

> Hanno Liem (freebsd@dark4ce.com) wrote:
> > I have a few questions regarding Syslog:
> >
> > 1. I know it is possible to send a syslog to a different machine; does
> > this have any security implications?
>
> AFAIK the only security issues are DOS based. An attacker could send
> enough log messages to a remote host to fill its disk/partition up. You
> should only allow trusted clients to log to this remote machine by using
> the -a flag to syslogd or a firewall such as ipfw.

AFAIK the logs are transmitted using unencrypted protocols, IIRC regular UDP. This could make it possible for an attacker to sniff the traffic between the machine and the logserver, and hence gain access to the logfiles. I would consider this a security issue; I don't want anyone unauthorized reading my logfiles.

__
R
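
The two points raised in this thread, as an added example that is not part of the original messages or of FreeBSD's syslogd: a BSD-syslog datagram decodes with no key at all, and a source-network allowlist of the kind `-a` expresses decides which senders a log host accepts. The function names, the 192.0.2.0/24 network and the sample message are constructed, and only the address part of the check is modelled; because UDP source addresses can be forged, such a check limits who can fill the disk by accident or casually, it does not authenticate senders.

```python
import ipaddress
import re
import socket

# Constructed allowlist: the network one would name in "syslogd -a 192.0.2.0/24".
ALLOWED_PEERS = [ipaddress.ip_network("192.0.2.0/24")]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
# Constructed sample: facility 4 (auth), severity 5 (notice) -> PRI 4*8+5 = 37.
SAMPLE = b"<37>Oct 16 02:28:24 host1 su: BAD SU alice to root on /dev/ttyp0"

def peer_allowed(src_ip, allowed=ALLOWED_PEERS):
    """Address-only model of a -a style check (the source port is not modelled)."""
    try:
        ip = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    return any(ip in net for net in allowed)

def parse_syslog(datagram):
    """Decode a BSD-syslog datagram; the payload is plain text, no key involved."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # 23*8+7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    text = m.group(2).decode("ascii", "replace").rstrip("\r\n")
    return {"facility": pri >> 3, "severity": pri & 7, "text": text}

def accept(datagram, src_ip):
    """Receiver-side decision: drop unlisted senders before parsing or storing."""
    return parse_syslog(datagram) if peer_allowed(src_ip) else None

def loopback_roundtrip(message):
    """Send one datagram to ourselves and return the bytes exactly as received."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        tx.sendto(message, rx.getsockname())
        return rx.recvfrom(2048)[0]
    finally:
        tx.close()
        rx.close()

if __name__ == "__main__":
    print("bytes on the wire:", loopback_roundtrip(SAMPLE))
    for src in ("192.0.2.10", "203.0.113.9"):
        print(src, "->", accept(SAMPLE, src))
```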