From owner-freebsd-security@FreeBSD.ORG  Wed Apr  2 05:36:33 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D340F37B401
	for <security@freebsd.org>; Wed,  2 Apr 2003 05:36:33 -0800 (PST)
Received: from comp.chem.msu.su (comp-ext.chem.msu.su [158.250.32.157])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A8BBD43F75
	for <security@freebsd.org>; Wed,  2 Apr 2003 05:36:31 -0800 (PST)
	(envelope-from yar@comp.chem.msu.su)
Received: from comp.chem.msu.su (localhost [127.0.0.1])
	by comp.chem.msu.su (8.12.3p2/8.12.3) with ESMTP id h32DaRhE082772;
	Wed, 2 Apr 2003 17:36:27 +0400 (MSD)
	(envelope-from yar@comp.chem.msu.su)
Received: (from yar@localhost)
	by comp.chem.msu.su (8.12.3p2/8.12.3/Submit) id h32DaQAG082771;
	Wed, 2 Apr 2003 17:36:26 +0400 (MSD)
	(envelope-from yar)
Date: Wed, 2 Apr 2003 17:36:25 +0400
From: Yar Tikhiy <yar@freebsd.org>
To: D J Hawkey Jr <hawkeyd@visi.com>
Message-ID: <20030402133625.GA81907@comp.chem.msu.su>
References: <20030401161142.GA19845@comp.chem.msu.su>
	<5.2.0.9.0.20030402074159.0741a088@192.168.0.12>
	<20030402070244.A8569@sheol.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030402070244.A8569@sheol.localdomain>
User-Agent: Mutt/1.5.3i
X-Mailman-Approved-At: Wed, 02 Apr 2003 09:55:54 -0800
cc: security@freebsd.org
Subject: Re: LOG_AUTHPRIV and the default syslog.conf
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2003 13:36:34 -0000

On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote:
> 
> FWIW, long ago, I set one of mine up as:
> 
> *.err;authpriv.none				/dev/console
> *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none	/var/log/messages
> security.*;local0.*;authpriv.*			/var/log/security
> 
> I must have been thinking the same thing Yar does WRT authpriv and
> /var/log/messages.
> 
> Note that I also added local0, for ipmon(8); is it too late to
> consider this hack as well as Yar's?

Today's style is to send messages from packet filters to
/var/log/security, and from authenticating functions to /var/log/auth.log.
Additionally I think it would be poor style to use local0 in the
default syslog.conf since local* should be left for site-specific
purposes.  Therefore I'd suggest changing src/sbin/ipmon/Makefile
so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing
ipmon.8; so ipmon(8) would behave consistently with the rest of the
system.

-- 
Yar