Message-Id: <3.0.3.32.19981021074931.010c36dc@207.227.119.2>
Date: Wed, 21 Oct 1998 07:49:31 -0500
To: Cy Schubert - ITSD Open Systems Group
From: "Jeffrey J. Mountin"
Subject: Re: Again logging!
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199810151357.GAA06509@cwsys.cwsent.com>

At 06:57 AM 10/15/98 -0700, Cy Schubert - ITSD Open Systems Group wrote:
>Or you could configure tcpd to log to a file instead of syslog, though
>I wouldn't recommend it. (I know many sysadmins who do).

If the thought here was to "hide" the log, they would do better to hide tcpd from ps et al. Obscurity method? Better to have a highly secured system taking in the logs and work from there. It should alarm if they stop coming too.

>I especially like Mike Jenkins' comment. An excellent suggestion.

Agreed. Only used that method on a few servers with just too many daemons and not enough LOCAL's.

>I've noticed that the ports, some in particular, have become quite
>configurable. Yet another opportunity...

How so?

Usually I either mod the patch or 'make patch' and tweak the source. Both are just a slight hassle, but it seems more correct to change the Makefile or make.conf, which I just happened to do for Apache, since the default structure to me is unwanted. For tcpd it's only one in patch-aa. Sshd needs a quick change in the config file, and my first use of the popper port had me recompiling 2 custom daemons, so as to avoid changes.

Overall once you get used to the assumptions the ports are good, but one really should follow the changes and make sure that they meet your needs. Turning on every single bell and whistle in Apache didn't seem sensible, but then knowing what is needed and the fact it doesn't clobber existing files. 8-)

Still it can be an opportunity to shoot yourself, especially when you've developed certain habits over the years of rolling your own.

Jeff Mountin - Unix Systems TCP/IP networking
jeff@mountin.net
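
The "alarm if they stop coming" check on a central loghost, as an added example that is not part of the original message: it reads classic year-less BSD syslog lines, tracks the newest message per host, and reports hosts that have gone quiet. The host names, the 30-minute threshold and the sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

def parse_ts(line, now):
    """Parse the year-less 'Mmm dd HH:MM:SS' prefix of a BSD syslog line."""
    try:
        ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        # syslog omits the year: a timestamp in the future is from last year
        if ts > now + timedelta(days=1):
            ts = ts.replace(year=now.year - 1)
    except ValueError:
        return None  # not a syslog line (or an impossible date)
    return ts

def last_seen(lines, now):
    """Map each sending host to the time of its newest message."""
    seen = {}
    for line in lines:
        ts = parse_ts(line, now)
        fields = line[16:].split()
        if ts is None or not fields:
            continue  # skip garbage instead of aborting the whole check
        host = fields[0]
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_hosts(lines, expected, now, max_gap=timedelta(minutes=30)):
    """Hosts that should be logging but are late or were never seen."""
    seen = last_seen(lines, now)
    return sorted(h for h in expected
                  if h not in seen or now - seen[h] > max_gap)

# Constructed sample input: what the loghost's collected file might hold.
SAMPLE = [
    "Oct 21 07:53:30 web1 tcpd[211]: connect from 192.0.2.10",
    "Oct 21 07:58:02 web1 sshd[340]: log: Connection from 192.0.2.10",
    "Oct 21 06:10:44 mail1 popper[512]: session opened",
    "garbled line without a timestamp",
]
EXPECTED = ["web1", "mail1", "ns1"]  # hypothetical inventory of log sources

if __name__ == "__main__":
    now = datetime(1998, 10, 21, 8, 0, 0)
    for host in silent_hosts(SAMPLE, EXPECTED, now):
        print(f"ALERT: no log traffic from {host} within the last 30 minutes")
```

The inventory of expected hosts matters here: a source that never appears in the file is reported the same way as one that stopped.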