From: Martin Schütte
Date: Fri, 17 Feb 2012 13:40:09 +0100
To: freebsd-security@freebsd.org
Subject: Re: periodic security run output gives false positives after 1 year
Message-ID: <4F3E4AA9.9000308@mschuette.name>
References: <4F3D3722.2000904@quip.cz>

On 02/16/2012 08:08 PM, Sergey Kandaurov wrote:
> 5424 yet. Almost complete implementation was done in NetBSD in
> that regard in 2008. NetBSD before RFC 5424 changes has had pretty
> similar syslogd source, so if one could analyze and port those
> changes to FreeBSD, that would be pretty nice.

I implemented this and if anyone is interested I would be glad to help with it. So far I just did not find the time to continue development or even a FreeBSD port on my own (finishing university, looking for a job, etc). -- The code is in NetBSD-Current and my own development repository is now online at https://github.com/mschuett/nbsd-syslog

With regard to porting the biggest difference between systems is the libevent library, which is included in NetBSD and used in the syslogd(8).

The main "problem" with the IETF/NetBSD syslogd(8) is that it does not only change the message/protocol format, but at the same time implements TLS communication and digital signatures. -- In combination these functions really add size and complexity to the code.

To improve things I wonder if syslogd(8) could be restructured into a plugin-based architecture. That might keep the different logging targets (files, console, UDP, TLS) and optional features (new/old format, signatures) separate and simpler. Of course only if it is simple enough not to add yet another layer of overhead and complexity.

-- 
Martin Schütte