From owner-freebsd-questions Tue Nov 28 16:49:04 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186]) by hub.freebsd.org (Postfix) with SMTP id 503B937B401 for ; Tue, 28 Nov 2000 16:49:01 -0800 (PST)
Received: (qmail 66773 invoked by uid 100); 29 Nov 2000 00:49:00 -0000
From: Mike Meyer
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14884.21116.876366.998002@guru.mired.org>
Date: Tue, 28 Nov 2000 18:49:00 -0600 (CST)
To: trini0
Cc: questions@freebsd.org
Subject: Re: syslog ?
In-Reply-To: <30779630@toto.iv>
X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
X-Message: You should get a better mailer.
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

trini0 types:
> I came across a web site that tests network security. I ran it on my
> router running FBSD 4.2S w/ipfil 3.4.8. Part of the results came back
> saying that port 514 that syslog was using was insecure and they sent a
> little message to the syslog daemon ==>
>
> Nov 28 12:59:09 gw /kernel: icmp-response bandwidth limit 225/200 pps
> Nov 28 12:59:12 gw /kernel: icmp-response bandwidth limit 236/200 pps
> Nov 28 12:59:15 gw /kernel: icmp-response bandwidth limit 228/200 pps
> Nov 28 12:59:21 gw /kernel: icmp-response bandwidth limit 201/200 pps
>
> I checked out some man pages and came across running syslogd in secure
> mode with the -s option. Is this recommended, to make syslogd be more
> secure? What file would I put this option in? (I didn't know where to
> enable -s) Or should I just block off port 514 coming in from the
> internet on the firewall??
>
> Thanks
> trini0

4.2 should be running syslogd with the -s flag by default. Check
/etc/defaults/rc.conf to verify that syslogd_enable="YES" and
syslogd_flags="-s". If so, then check /etc/rc.conf to verify that they
aren't changed. If syslogd_enable is not set to "YES", then something
else is listening on the syslog port, and you need to deal with that
something else.

Also, your mailer is sending HTML as well as plain text. Please make it
stop, and just send plain text.
>   > > - --------------650F8F0E9C59A45E52C434B7-- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- Mike Meyer http://www.mired.org/home/mwm/ Independent WWW/Unix/FreeBSD consultant, email for rates. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message