From: Mike Meyer
Date: Wed, 29 Nov 2000 07:32:22 -0600 (CST)
To: trini0
Cc: FreeBSD Questions
Subject: Re: syslog ?
Message-ID: <14885.1382.245532.6731@guru.mired.org>
In-Reply-To: <3A246B7B.7A0C61F5@optonline.net>
References: <14884.21116.876366.998002@guru.mired.org> <3A246B7B.7A0C61F5@optonline.net>

trini0 types:
> Sorry to all about the html post.....:(
>
> syslog_enable to yes and flag set to -s in /etc/defaults/rc.conf, but it wasn't in my /etc/rc.conf file.
> I inserted them there and rebooted. Now my ? is does the system look at both /etc/defaults/rc.conf & /etc/rc.conf when it boots up and starts what is necessary??? If that was the case then there was no need to
> modify my /etc/rc.conf. Is there a way to find out what state a daemon is running in?? ie if syslog is running in secure mode or not.
> Thanks
> trini0

Um - could you go back to wrapping your text lines at 80 characters?
Thanx.

Anyway, you're right - the only reason to put things in /etc/rc.conf
is if they are *different* from /etc/defaults/rc.conf.

Try doing "ps auxw | grep syslog". That will show you the syslog
command and flags. I should have had you do that before checking the
rc.conf files. Sorry.

I'm not familiar with ipfil.
Is it possible that it is listening to port 514, logging the packets,
then forwarding them to syslog?

> trini0 types:
> > > - --------------650F8F0E9C59A45E52C434B7
> > > Content-Type: text/plain; charset=us-ascii
> > > Content-Transfer-Encoding: 7bit
> > >
> > > I came across a web site that tests network security. I ran it on my
> > > router running FBSD 4.2S w/ipfil 3.4.8. Part of the results came back
> > > saying that port 514 that syslog was using was insecure and they sent a
> > > little message to the syslog daemon ==>
> > >
> > > Nov 28 12:59:09 gw /kernel: icmp-response bandwidth limit 225/200 pps
> > >
> > > Nov 28 12:59:12 gw /kernel: icmp-response bandwidth limit 236/200 pps
> > >
> > > Nov 28 12:59:15 gw /kernel: icmp-response bandwidth limit 228/200 pps
> > >
> > > Nov 28 12:59:21 gw /kernel: icmp-response bandwidth limit 201/200 pps
> > >
> > > I checked out some man pages and came across running syslogd in secure
> > > mode with the -s option. Is this recommended, to make syslogd be more
> > > secure? What file would I put this option in? (I didn't know where to
> > > enable -s) Or should I just block off port 514 coming in from the
> > > internet on the firewall??
> > > Thanks
> > > trini0
> >
> > 4.2 should be running syslogd with the -s flag by default. Check
> > /etc/defaults/rc.conf to verify that syslogd_enable="YES" and
> > syslogd_flags="-s". If so, then check /etc/rc.conf to verify that they
> > aren't changed. If syslogd_enable is not set to "YES", then something
> > else is listening on the syslog port, and you need to deal with that
> > something else.
> >
> > Also, your mailer is sending HTML as well as plain text. Please make
> > it stop, and just send plain text.
> >

--
Mike Meyer http://www.mired.org/home/mwm/
Independent WWW/Unix/FreeBSD consultant, email for rates.
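
The two checks discussed in this thread, as an added example that is not part of the original messages: which value a variable such as syslogd_flags ends up with when /etc/defaults/rc.conf is read before /etc/rc.conf, and whether a flag string (or a running syslogd's arguments taken from "ps auxw") includes -s. The function names, the list of argument-taking options and the ps column position are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are arguments so the functions
# can be pointed at copies of the rc.conf files.

# Assumption: syslogd options that take an argument (see syslogd(8)).
SYSLOGD_ARG_OPTS="abflmpP"

# effective_rc_var NAME DEFAULTS OVERRIDE
# Print NAME as set after reading DEFAULTS, then OVERRIDE. The files are
# sourced like rc does, so only use this on files you trust.
effective_rc_var() {
    case "$1" in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
    (
        if [ -r "$2" ]; then . "$2"; fi
        if [ -r "$3" ]; then . "$3"; fi
        eval "printf '%s\n' \"\$$1\""
    )
}

# flags_have_secure "FLAGS"
# Succeed if FLAGS contains -s, alone or clustered (-vs), without treating
# an option's argument (-f /etc/syslog.conf) as a flag.
flags_have_secure() (
    set -f                          # allowed_peer values may contain '*'
    skip=0
    for tok in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$tok" in -?*) rest=${tok#-} ;; *) continue ;; esac
        while [ -n "$rest" ]; do
            c=${rest%"${rest#?}"}   # first character of the cluster
            rest=${rest#?}
            if [ "$c" = s ]; then exit 0; fi
            case "$SYSLOGD_ARG_OPTS" in *"$c"*)
                if [ -z "$rest" ]; then skip=1; fi
                break ;;
            esac
        done
    done
    exit 1
)

# running_syslogd_args: read `ps auxw` output on stdin and print the
# arguments of the first syslogd found (assumes COMMAND is column 11).
running_syslogd_args() {
    awk '$11 ~ /(^|\/)syslogd$/ {
        out = ""; for (i = 12; i <= NF; i++) out = out (i > 12 ? " " : "") $i
        print out; exit }'
}
```

On a live system, `flags_have_secure "$(ps auxw | running_syslogd_args)"` checks the running daemon, and `effective_rc_var syslogd_flags /etc/defaults/rc.conf /etc/rc.conf` shows what the next boot will use.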