From owner-freebsd-questions Tue Nov 28 13:33:53 2000
Message-ID: <3A2424B7.62F45E2@optonline.net>
Date: Tue, 28 Nov 2000 16:33:43 -0500
From: trini0
To: questions@freebsd.org
Subject: syslog ?
Sender: owner-freebsd-questions@FreeBSD.ORG

I came across a web site that tests network security. I ran it on my router running FBSD 4.2S w/ipfil 3.4.8. Part of the results came back saying that port 514 that syslog was using was insecure and they sent a little message to the syslog daemon ==>

Nov 28 12:59:09 gw /kernel:    icmp-response bandwidth limit 225/200 pps

Nov 28 12:59:12 gw /kernel:    icmp-response bandwidth limit 236/200 pps

Nov 28 12:59:15 gw /kernel:    icmp-response bandwidth limit 228/200 pps

Nov 28 12:59:21 gw /kernel:    icmp-response bandwidth limit 201/200 pps

I checked out some man pages and came across running syslogd in secure mode with the -s option.  Is this recommended, to make syslogd be more secure?  What file would I put this option in?  (I didn't know where to enable -s)  Or should I just block off port 514 coming in from the internet on the firewall??
Thanks
trini0
 

-- 


         _____________________________
         |          trini0           |
         |                           |
     / ) | Systems Administrator     |
    / /  | Network Engineer          |
   ( (   | email ==>                 |
 (((\ \> |/ )  trini0@optonline.net  |
 (\\\\ \_/ /_________________________|
  \       /
   \    _/
   /   /
  /   /