Date: Sat, 22 Aug 1998 18:13:28 +1200 (NZST)
From: Andrew McNaughton
Reply-To: andrew@squiz.co.nz
To: "Jan B. Koum"
cc: ben@efn.org, Jon Hamilton, Garrett Wollman, dima@best.net, jkh@time.cdrom.com, security@FreeBSD.ORG
Subject: Re: Shipping syslogd with "-s" (Was: Re: Scaring the bezeesus ..)

On Fri, 21 Aug 1998, Jan B. Koum wrote:

> Date: Fri, 21 Aug 1998 22:04:11 -0700 (PDT)
> From: "Jan B. Koum"
> To: ben@efn.org
> Cc: Jon Hamilton, Garrett Wollman, dima@best.net,
>     jkh@time.cdrom.com, security@FreeBSD.ORG
> Subject: Shipping syslogd with "-s" (Was: Re: Scaring the bezeesus ..)
>
> I vote to have FreeBSD ship syslogd with "-s" by default.
>
> Reason: any user cluefull enough to use and custom config syslog to
> do over the net logging will be cluefull enough to know how to either add
> "-a" or take "-s" out of rc.conf.

From the syslogd man page I'm not entirely clear on how these options
interact.

> -a allowed_peer
>         Allow allowed_peer to log to this syslogd using UDP datagrams.
>         Multiple -a options may be specified.

If one has to specify that a host is allowed to log packets to this host,
then it seems reasonable to assume that this is not allowed unless so
specified ... or perhaps that's only the case if -s is used?

> -s      Operate in secure mode. Do not listen for log message from
>         remote machines.

I'd have thought that meant syslogd didn't even look at incoming packets if
this was set, which I suppose reduces the chance of some bug turning up in
it ... or perhaps the default is that packets are accepted?

Could someone clarify this? Preferably the man page should be clarified.

Is there a way to send log entries to a remote machine from the command
line so I can more easily test how this works?

Andrew McNaughton
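One way to run the test asked about at the end of the message, as an added example that is not part of the original post or of FreeBSD: a small script that sends a single RFC 3164-style syslog datagram to a log host, so the effect of a given "-s" / "-a" combination can be observed in that host's log files. The script name probe.py, the "probe" tag, the marker text and the src_port parameter are assumptions made for the example; 514 is the standard syslog UDP port.

```python
#!/usr/bin/env python3
# Added example (not from the original message): send one RFC 3164-style
# syslog datagram over UDP to check whether a syslogd accepts remote logs.
import socket
import sys
import time

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def build_packet(priority, tag, text, when=None):
    """Return datagram bytes for a 'facility.severity' pair, e.g. 'user.info'."""
    facility, severity = priority.split(".")
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    t = time.localtime(when)
    # RFC 3164 timestamp: the day of month is space-padded, not zero-padded.
    stamp = "%s %2d %02d:%02d:%02d" % (
        MONTHS[t.tm_mon - 1], t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec)
    host = socket.gethostname().split(".")[0]
    line = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)
    return line.encode("ascii", "replace")


def send_probe(host, port, packet, src_port=0):
    """Send the datagram and return the byte count handed to the kernel.

    UDP gives no delivery confirmation, so acceptance has to be checked in
    the receiver's logs. src_port is optional, for receivers that also
    filter on the sender's source port (binding to 514 needs root).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if src_port:
            s.bind(("", src_port))
        return s.sendto(packet, (host, port))


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py <loghost> <facility.severity>")
    marker = "remote-log-test %d" % time.time()  # constructed, unique per run
    send_probe(sys.argv[1], 514, build_packet(sys.argv[2], "probe", marker))
    print("sent; look for %r in the log files on %s" % (marker, sys.argv[1]))
```

Run it once per syslogd configuration under test (for example `python3 probe.py loghost user.info`) and search the receiving machine's logs for the marker; the priority chosen must be one that the receiver's syslog.conf actually writes to a file.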