From owner-freebsd-questions  Thu Oct 18 16:41:54 2001
Date: Fri, 19 Oct 2001 00:29:22 +0300
From: Giorgos Keramidas <charon@labs.gr>
To: Mark Drayton <mark.drayton@izr.com>
Cc: Hanno Liem <freebsd@dark4ce.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Syslog questions
Message-ID: <20011019002921.B9820@hades.hell.gr>
References: <20011015135221.E48004@dark4ce.com> <20011015221008.A36840@drex.staff.izr.com>
In-Reply-To: <20011015221008.A36840@drex.staff.izr.com>
User-Agent: Mutt/1.3.22.1i
X-GPG-Fingerprint: C1EB 0653 DB8B A557 3829  00F9 D60F 941A 3186 03B6
X-URL: http://labs.gr/~charon/

Mark Drayton <mark.drayton@izr.com> wrote:
> Hanno Liem (freebsd@dark4ce.com) wrote:
> > I have a few questions regarding Syslog:
> > 
> > 1. I know it is possible to send a syslog to a different machine; does
> > this have any security implications?
> 
> AFAIK the only security issues are DOS based. An attacker could send
> enough log messages to a remote host to fill its disk/partition up. You
> should only allow trusted clients to log to this remote machine by using
> the -a flag to syslogd or a firewall such as ipfw.

Or both methods of limiting access to syslogd's listening port.
Adding more layers to your security model is always a nice idea.

Just my $0.02

-giorgos
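
The two layers discussed in this thread, syslogd's -a peer filter and an ipfw filter on the syslog port, generated from a single list of trusted peers so they cannot drift apart. This is an added example, not part of the original messages; the peer addresses, the starting rule number and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample data: the log clients this loghost should accept.
TRUSTED_PEERS="192.168.1.0/24 10.0.5.17/32"

# Layer 1: syslogd's own filter, one -a option per trusted peer.
# Prints a line for /etc/rc.conf. syslogd must not also be given -s,
# because in secure mode it does not log messages from remote machines.
syslogd_flags() {
    flags=""
    for peer in $TRUSTED_PEERS; do
        flags="$flags -a $peer"
    done
    printf 'syslogd_flags="%s"\n' "${flags# }"
}

# Layer 2: ipfw rules that admit syslog (UDP port 514) only from the
# same peers and drop it from everyone else before syslogd sees it.
# $1 is the first rule number (hypothetical default: 2000).
ipfw_rules() {
    rule=${1:-2000}
    for peer in $TRUSTED_PEERS; do
        printf 'ipfw add %d allow udp from %s to me 514\n' "$rule" "$peer"
        rule=$((rule + 10))
    done
    printf 'ipfw add %d deny udp from any to me 514\n' "$rule"
}

# Print both layers for review before applying them on the loghost.
syslogd_flags
ipfw_rules 2000
```
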
