Date: Wed, 2 Apr 2003 07:02:44 -0600
From: D J Hawkey Jr
To: Mike Tancsa
Cc: Yar Tikhiy
Cc: security@freebsd.org
Subject: Re: LOG_AUTHPRIV and the default syslog.conf
Message-ID: <20030402070244.A8569@sheol.localdomain>

> At 08:11 PM 4/1/2003 +0400, Yar Tikhiy wrote:
> >The following patch was proposed:
> >
> >Index: syslog.conf
> >===================================================================
> >RCS file: /home/ncvs/src/etc/syslog.conf,v
> >retrieving revision 1.23
> >diff -u -r1.23 syslog.conf
> >--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23
> >+++ syslog.conf 11 Feb 2003 11:39:55 -0000
> >@@ -6,7 +6,7 @@
> > # may want to use only tabs as field separators here.
> > # Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
> >-*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> >+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> >/var/log/messages
> > security.* /var/log/security
> > auth.info;authpriv.info /var/log/auth.log
> > mail.info /var/log/maillog
> >===================================================================
> >
> >Since my PR has received no feedback, I'd like to discuss the above
> >problem here before committing my patch. Have I overlooked any
> >complications?

On Apr 02, at 07:46 AM, Mike Tancsa top-posted:
>
> I like the change and I don't think it would adversely affect any sites.
>
> ---Mike

FWIW, long ago, I set one of mine up as:

*.err;authpriv.none /dev/console
*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages
security.*;local0.*;authpriv.* /var/log/security

I must have been thinking the same thing Yar does WRT authpriv and
/var/log/messages. Note that I also added local0, for ipmon(8); is it
too late to consider this hack as well as Yar's?

Dave

-- 
D. J. HAWKEY JR.
hawkeyd@visi.com
http://www.visi.com/~hawkeyd/
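
Review bot: the unchanged context line `*.err;kern.debug;auth.notice;mail.crit /dev/console` in the quoted `@@ -6,7 +6,7 @@` hunk still selects authpriv messages at err and above, so the patch keeps them out of /var/log/messages but not off the console; if that is unintended, add `authpriv.none` to that selector as well. The `+` line is also wrapped in this mail, with `/var/log/messages` on its own quoted line, so the hunk will not apply as quoted; the selector and the action belong on one line, separated by tabs as the file's own comment advises. A short comment above the changed line saying why authpriv is excluded from /var/log/messages would help later readers of syslog.conf.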