Date: Wed, 21 Oct 1998 07:49:31 -0500
From: "Jeffrey J. Mountin" <jeff-ml@mountin.net>
To: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Again logging!
Message-ID: <3.0.3.32.19981021074931.010c36dc@207.227.119.2>
In-Reply-To: <199810151357.GAA06509@cwsys.cwsent.com>
References: <Your message of "Wed, 14 Oct 1998 14:31:46 CDT." <3.0.3.32.19981014143146.0105ff00@207.227.119.2>
At 06:57 AM 10/15/98 -0700, Cy Schubert - ITSD Open Systems Group wrote:
>Or you could configure tcpd to log to a file instead of syslog, though
>I wouldn't recommend it. (I know many sysadmins who do).

If the thought here was to "hide" the log, they would do better to hide
tcpd from ps et al. Obscurity method?

Better to have a highly secured system taking in the logs and work from
there. It should alarm if they stop coming too.

>I especially like Mike Jenkins' comment. An excellent suggestion.

Agreed. Only used that method on a few servers with just too many daemons
and not enough LOCAL's.

>I've noticed that the ports, some in particular, have become quite
>configurable. Yet another opportunity...

How so?

Usually I either mod the patch or 'make patch' and tweak the source. Both
are just a slight hassle, but it seems more correct to change the Makefile
or make.conf, which I just happened to do for Apache, since the default
structure to me is unwanted.

For tcpd it's only one in patch-aa. Sshd needs a quick change in the config
file, and my first use of the popper port had me recompiling 2 custom
daemons, so as to avoid changes.

Overall once you get used to the assumptions the ports are good, but one
really should follow the changes and make sure that they meet your needs.
Turning on every single bell and whistle in Apache didn't seem sensible,
but then knowing what is needed and the fact it doesn't clobber existing
files. 8-)

Still it can be an opportunity to shoot yourself, especially when you've
developed certain habits over the years of rolling your own.

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.3.32.19981021074931.010c36dc>
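
The message suggests that a central log host should alarm when logs stop arriving. The following is an added example, not part of the original message or of any FreeBSD tool: a silence check over collected BSD-format syslog lines. The host names, sample lines and threshold are constructed, and the year is supplied by the caller because traditional syslog timestamps carry none.

```python
from datetime import datetime, timedelta

# Constructed sample of what a central loghost might have collected
# (traditional BSD syslog format; host names and addresses are made up).
SAMPLE_LOG = """\
Oct 21 07:10:02 www1 tcpd[311]: connect from 10.0.0.5
Oct 21 07:41:17 mail1 popper[402]: connect from 10.0.0.9
Oct 21 07:44:50 www1 sshd[377]: connection from 10.0.0.5
this line is garbage and must be skipped
Oct 21 07:48:03 mail1 tcpd[415]: refused connect from 10.0.0.77
"""

def last_seen(log_text, year):
    """Return {host: datetime of its newest parseable line}."""
    seen = {}
    for line in log_text.splitlines():
        parts = line.split(None, 4)  # month, day, time, host, rest
        if len(parts) < 5:
            continue
        stamp = f"{year} {parts[0]} {parts[1]} {parts[2]}"
        try:
            ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a syslog line; ignore rather than crash
        host = parts[3]
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_hosts(log_text, expected, now, max_quiet):
    """Map each expected host that has gone quiet to the time it was last
    heard, or to None if it never logged at all (also an alarm condition)."""
    seen = last_seen(log_text, now.year)  # assumption: log is from this year
    quiet = {}
    for host in expected:
        ts = seen.get(host)
        if ts is None or now - ts > max_quiet:
            quiet[host] = ts
    return quiet

if __name__ == "__main__":
    now = datetime(1998, 10, 21, 7, 49, 31)
    hosts = ["www1", "mail1", "ns1"]  # hosts that are supposed to report in
    alarms = silent_hosts(SAMPLE_LOG, hosts, now, timedelta(minutes=15))
    for host, ts in sorted(alarms.items()):
        print(f"ALARM {host}: last heard {ts or 'never'}")
```

Comparing against a list of expected hosts matters: a machine that never sent anything leaves no trace in the log, so only the list reveals it.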