Date: Wed, 5 Apr 2000 13:48:36 -0500 (CDT)
From: James Wyatt
To: matt@csis.gvsu.edu
Cc: Andre Gironda, goten@linux.sduteam.com, security@freebsd.org
Subject: Re: Queston on secure syslogd
In-Reply-To: <20000405141940.A6357@eos16.csis.gvsu.edu>

On Wed, 5 Apr 2000 matt@csis.gvsu.edu wrote:
> > Over the Internet, I'd be more likely to use scp, rsync, or CVSup
> > even though I should probably use something better like IPSec or SNMPv3.
>
> Things like scp that copy files won't deliver messages in (pseudo)
> real-time. I don't know if this is a priority for the original poster.
> The simplest solution is to use a syslogd that delivers over TCP and
> send messages through an ssh tunnel.

My first thought was an ssh of a remote 'tail -f', but the ssh tunnel
sounds best here to me too, fwiw. What about limiting the tunnel to just
syslog so you don't have anyone trying to hack a machine through it?

- Jy@
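One way to check that a tunnel key is limited to syslog, as the message above suggests. This is an added example, not part of the original thread: it audits the options field of an OpenSSH `authorized_keys` entry on the log host. The syslog listener address (127.0.0.1:514), the `/usr/bin/false` forced command and the sample entries are assumptions made for the illustration.

```python
import re

# Assumption: the log host's syslogd listens for TCP on loopback port 514.
ALLOWED_TARGETS = {"127.0.0.1:514", "localhost:514"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
OPTION_RE = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def split_entry(line):
    """Split an authorized_keys line into (options field, key part)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return "", line                      # entry has no options at all
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:    # options end at first bare space
            return line[:i], line[i + 1:]
    return line, ""

def parse_options(field):
    """Return {name: [values]}; names are lowercased, bare flags map to None."""
    opts = {}
    for name, value in OPTION_RE.findall(field):
        opts.setdefault(name.lower(), []).append(value or None)
    return opts

def audit_tunnel_key(line):
    """Return findings for common gaps in a forward-only syslog tunnel key."""
    opts = parse_options(split_entry(line)[0])
    findings = []
    targets = {t for t in opts.get("permitopen", []) if t}
    if not targets:
        findings.append("no permitopen: forwards may reach any host:port")
    elif targets - ALLOWED_TARGETS:
        findings.append("permitopen allows non-syslog targets: "
                        + ", ".join(sorted(targets - ALLOWED_TARGETS)))
    if "command" not in opts:
        findings.append("no forced command: key can run arbitrary commands")
    for flag in ("pty", "agent-forwarding", "x11-forwarding"):
        # 'restrict' turns these off; naming the flag afterwards turns it back on.
        if flag in opts or not ("restrict" in opts or "no-" + flag in opts):
            findings.append(flag + " is not disabled")
    return findings

# Constructed sample entries (key material is a placeholder, not a real key).
WIDE_OPEN = "ssh-ed25519 AAAAC3placeholder logsender@client"
LOCKED = ('restrict,port-forwarding,permitopen="127.0.0.1:514",'
          'command="/usr/bin/false" ssh-ed25519 AAAAC3placeholder logsender@client')
print(audit_tunnel_key(WIDE_OPEN), audit_tunnel_key(LOCKED))
```

The check covers local forwards only; `permitopen` does not constrain remote (`-R`) forwards, which `restrict` disables.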