From owner-freebsd-questions Tue Nov 28 18:35:43 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.hcvlny.cv.net (mx1.hcvlny.cv.net [167.206.112.76])
	by hub.freebsd.org (Postfix) with ESMTP id 648B337B400
	for ; Tue, 28 Nov 2000 18:35:41 -0800 (PST)
Received: from s1.optonline.net (s1.optonline.net [167.206.112.6])
	by mx1.hcvlny.cv.net (8.10.2/8.10.2) with ESMTP id eAT2ZeR20299;
	Tue, 28 Nov 2000 21:35:40 -0500 (EST)
Received: from optonline.net (ool-18bd8597.dyn.optonline.net [24.189.133.151])
	by s1.optonline.net (8.10.2/8.10.2) with ESMTP id eAT2Zet08721;
	Tue, 28 Nov 2000 21:35:40 -0500 (EST)
Message-ID: <3A246B7B.7A0C61F5@optonline.net>
Date: Tue, 28 Nov 2000 21:35:39 -0500
From: trini0
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.2-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Meyer
Cc: FreeBSD Questions
Subject: Re: syslog ?
References: <14884.21116.876366.998002@guru.mired.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Sorry to all about the HTML post.....:(

syslog_enable to yes and flag set to -s in /etc/defaults/rc.conf, but it
wasn't in my /etc/rc.conf file. I inserted them there and rebooted.

Now my ? is does the system look at both /etc/defaults/rc.conf &
/etc/rc.conf when it boots up and starts what is necessary??? If that
was the case then there was no need to modify my /etc/rc.conf.

Is there a way to find out what state a daemon is running in?? i.e. if
syslog is running in secure mode or not.

Thanks
trini0

> trini0 types:
> > I came across a web site that tests network security. I ran it on my
> > router running FBSD 4.2S w/ipfil 3.4.8. Part of the results came back
> > saying that port 514 that syslog was using was insecure and they sent a
> > little message to the syslog daemon ==>
> >
> > Nov 28 12:59:09 gw /kernel: icmp-response bandwidth limit 225/200 pps
> >
> > Nov 28 12:59:12 gw /kernel: icmp-response bandwidth limit 236/200 pps
> >
> > Nov 28 12:59:15 gw /kernel: icmp-response bandwidth limit 228/200 pps
> >
> > Nov 28 12:59:21 gw /kernel: icmp-response bandwidth limit 201/200 pps
> >
> > I checked out some man pages and came across running syslogd in secure
> > mode with the -s option. Is this recommended, to make syslogd be more
> > secure? What file would I put this option in? (I didn't know where to
> > enable -s) Or should I just block off port 514 coming in from the
> > internet on the firewall??
> > Thanks
> > trini0
>
> 4.2 should be running syslogd with the -s flag by default. Check
> /etc/defaults/rc.conf to verify that syslogd_enable="YES" and
> syslogd_flags="-s". If so, then check /etc/rc.conf to verify that they
> aren't changed. If syslogd_enable is not set to "YES", then something
> else is listening on the syslog port, and you need to deal with that
> something else.
>
> Also, your mailer is sending HTML as well as plain text. Please make
> it stop, and just send plain text.
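
The check discussed in this message, as an added example that is not part of the original thread: rc reads /etc/defaults/rc.conf first and /etc/rc.conf second, so the later assignment wins, and the flags of the running daemon can be read from its command line. The function names are hypothetical, and the list of syslogd options that take an argument comes from current syslogd(8), which is an assumption for 4.2.

```shell
#!/bin/sh
# Added example (not from the thread): resolve rc.conf settings the way
# rc does, then look for -s on the running syslogd's command line.

# effective_rc_var NAME DEFAULTS OVERRIDE  (hypothetical helper)
# Sources DEFAULTS, then OVERRIDE if readable, in a subshell and prints
# NAME. The later file wins, as /etc/rc.conf does over the defaults.
effective_rc_var() {
    case $1 in ''|*[!A-Za-z0-9_]*) return 2 ;; esac  # only plain names reach eval
    (
        . "$2"
        if [ -r "$3" ]; then . "$3"; fi
        eval "printf '%s\n' \"\${$1}\""
    )
}

# has_secure_flag WORD...  (hypothetical helper)
# Returns 0 if the flag words contain -s, alone or clustered (-ss, -ds).
# The word after an option that takes an argument is skipped; that option
# list is from current syslogd(8) and assumed to cover 4.2.
has_secure_flag() {
    skip=0
    for w in "$@"; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $w in
            -[abflmOPpS])  skip=1 ;;   # argument is the next word
            -[abflmOPpS]*) ;;          # argument attached to the option
            -*s*)          return 0 ;;
        esac
    done
    return 1
}

# Live check, run only where the FreeBSD defaults file exists.
if [ -r /etc/defaults/rc.conf ]; then
    for v in syslogd_enable syslogd_flags; do
        echo "$v=$(effective_rc_var "$v" /etc/defaults/rc.conf /etc/rc.conf)"
    done
    # Command line of the running daemon; [s] keeps grep from matching itself.
    running=$(ps -axww -o command | grep '[s]yslogd' | head -1)
    echo "running: ${running:-syslogd not found}"
    # Word splitting of the command line is intended here.
    if has_secure_flag ${running#* }; then
        echo "syslogd was started with -s (secure mode)"
    else
        echo "no -s flag on the running syslogd"
    fi
fi
```

Setting the same values again in /etc/rc.conf, as described in the message, leaves the resolved result unchanged.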