From: "Jacques A. Vidrine"
To: Sheldon Hearn
Cc: freebsd-audit@freebsd.org
Date: Mon, 16 Jul 2001 07:17:47 -0500
Subject: Re: syslogd: bind to localhost only
Message-ID: <20010716071747.D10944@madman.nectar.com>
In-Reply-To: <4555.995275530@axl.seasidesoftware.co.za>

On Mon, Jul 16, 2001 at 11:25:30AM +0200, Sheldon Hearn wrote:
> 
> On Fri, 13 Jul 2001 13:54:48 EST, "Jacques A. Vidrine" wrote:
> 
> > The following patch adds a "-L" option to syslogd to force binding to
> > localhost only.  This is useful for running syslogd in a chroot'd
> > environment, where the log socket will not be available.
> 
> This seems like an awfully specific kludge.
> 
> First, what does this give me that -a and -l don't?

It causes syslogd to bind to INADDR_LOOPBACK rather than INADDR_ANY.
syslogd then never `sees' packets that are not destined for the loopback
interface.  Using `-a', syslogd needs to process all packets sent to the
syslog port on that machine.

> Second, assuming I'm missing something above, why not implement the
> option such that the operator can choose to bind to _any_ address(es)
> using some kind of -i option?  Why _only_ localhost?

No, you are not missing anything.  You are right, `-i ip-address-or-hostname'
would be better.  I think the `-L' evolved from wanting something kind of
"between" `-s' and `-s -s'.

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
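An added example, not code from this thread or from FreeBSD's syslogd, showing in plain sockets C what the three binding modes discussed above amount to: INADDR_ANY (all interfaces), INADDR_LOOPBACK (what the proposed `-L` does), and one operator-chosen address (what an `-i` option would do). The function names `bind_listener` and `bound_address` and the mode strings are my own; port 0 is used so it runs unprivileged.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

/* Bind a UDP socket the way the three modes under discussion would:
 *   "any"       -> INADDR_ANY      (every interface; syslogd's default)
 *   "loopback"  -> INADDR_LOOPBACK (the proposed -L)
 *   "a.b.c.d"   -> that one address (the suggested -i)
 * Port 0 lets the kernel pick an ephemeral port, so this runs unprivileged.
 * Returns the descriptor, or -1 on any failure. (Hypothetical helper.) */
int bind_listener(const char *mode, uint16_t port)
{
    struct sockaddr_in sin;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (strcmp(mode, "any") == 0)
        sin.sin_addr.s_addr = htonl(INADDR_ANY);
    else if (strcmp(mode, "loopback") == 0)
        sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    else if (inet_pton(AF_INET, mode, &sin.sin_addr) != 1) {
        close(fd);
        return -1;
    }
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Report the address a bound descriptor actually listens on, so the effect
 * of each mode can be verified. Returns 0 on success, -1 on error. */
int bound_address(int fd, char *buf, size_t len)
{
    struct sockaddr_in sin;
    socklen_t slen = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &slen) < 0)
        return -1;
    return inet_ntop(AF_INET, &sin.sin_addr, buf, len) ? 0 : -1;
}
```

A socket bound with "loopback" reports 127.0.0.1 and only ever receives datagrams addressed to the loopback interface, whereas "any" reports 0.0.0.0 and receives everything sent to that port on the host.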