From owner-freebsd-security@FreeBSD.ORG Wed Apr 2 05:48:00 2003
Date: Wed, 2 Apr 2003 07:47:57 -0600
From: D J Hawkey Jr
To: Yar Tikhiy
Cc: security@freebsd.org
Reply-To: hawkeyd@visi.com
Subject: Re: LOG_AUTHPRIV and the default syslog.conf
Message-ID: <20030402074757.A8776@sheol.localdomain>
In-Reply-To: <20030402133625.GA81907@comp.chem.msu.su>; from yar@freebsd.org on Wed, Apr 02, 2003 at 05:36:25PM +0400
References: <20030401161142.GA19845@comp.chem.msu.su> <5.2.0.9.0.20030402074159.0741a088@192.168.0.12> <20030402070244.A8569@sheol.localdomain> <20030402133625.GA81907@comp.chem.msu.su>

On Apr 02, at 05:36 PM, Yar Tikhiy wrote:
>
> On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote:
> >
> > FWIW, long ago, I set one of mine up as:
> >
> >   *.err;authpriv.none    /dev/console
> >   *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none    /var/log/messages
> >   security.*;local0.*;authpriv.*    /var/log/security
> >
> > I must have been thinking the same thing Yar does WRT authpriv and
> > /var/log/messages.
> >
> > Note that I also added local0, for ipmon(8); is it too late to
> > consider this hack as well as Yar's?
>
> Today's style is to send messages from packet filters to
> /var/log/security, and from authenticating functions to /var/log/auth.log.

No disagreement. This is what I do with local0, and it's just my own
preference to "depreciate" auth.log (which I don't advocate as policy).

> Additionally I think it would be poor style to use local0 in the
> default syslog.conf since local* should be left for site-specific
> purposes.

I agree completely, but...

> Therefore I'd suggest changing src/sbin/ipmon/Makefile
> so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing
> ipmon.8; so ipmon(8) would behave consistently with the rest of the
> system.

...I didn't know about that define! I try to leave /usr/src alone, but
if a committer did this, I'd be all for it. I hereby revoke my request.

> Yar

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/
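
The three selector lines quoted in the message above, evaluated for a given facility and level to show which destinations receive the message (an added example, not part of the original post or of syslogd). The function names are hypothetical, and the sketch assumes plain `facility.level` selectors only: comparison flags (`=`, `!`, `<`, `>`) are not handled, and program/host block lines are skipped rather than applied.

```python
# Added example: simplified syslog.conf(5) selector evaluation.
# Assumption: only "fac[,fac].level" selectors joined by ';' are supported.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# The three lines from the quoted message (tab between selector and action).
CONF = (
    "*.err;authpriv.none\t/dev/console\n"
    "*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none"
    "\t/var/log/messages\n"
    "security.*;local0.*;authpriv.*\t/var/log/security\n"
)

def selector_matches(selectors, facility, level):
    """True if a (facility, level) message is logged by this selector field.

    Selectors are applied left to right; a later selector that names the
    facility (or '*') replaces the decision made by an earlier one.
    """
    logged = False
    for sel in selectors.split(";"):
        facs, _, lvl = sel.strip().rpartition(".")
        names = [f.strip() for f in facs.split(",")]
        if "*" not in names and facility not in names:
            continue  # selector does not mention this facility
        if lvl == "none":
            logged = False  # facility explicitly excluded
        elif lvl == "*":
            logged = True   # every level
        else:
            # "facility.level" means that level or higher
            logged = LEVELS.index(level) >= LEVELS.index(lvl)
    return logged

def destinations(conf_text, facility, level):
    """List the actions that would receive a (facility, level) message."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!+-":
            continue  # comments and program/host block lines are skipped
        selectors, action = line.split(None, 1)
        if selector_matches(selectors, facility, level):
            out.append(action.strip())
    return out

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "err"), ("auth", "info"), ("local0", "warning")]:
        print(fac, lvl, "->", destinations(CONF, fac, lvl))
```

With this configuration an `authpriv` message of any level reaches only `/var/log/security`, which is the effect the `authpriv.none` entries are there to produce.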