From owner-freebsd-questions@freebsd.org  Thu Oct 12 21:32:18 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6E7FBE355E4
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu, 12 Oct 2017 21:32:18 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com
 [69.62.255.118])
 by mx1.freebsd.org (Postfix) with ESMTP id 5B13A682FE
 for <freebsd-questions@freebsd.org>; Thu, 12 Oct 2017 21:32:18 +0000 (UTC)
 (envelope-from rfg@tristatelogic.com)
Received: from segfault-nmh-helo.tristatelogic.com (localhost [127.0.0.1])
 by segfault.tristatelogic.com (Postfix) with ESMTP id 7EE4F3AEFC
 for <freebsd-questions@freebsd.org>; Thu, 12 Oct 2017 14:32:17 -0700 (PDT)
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
To: freebsd-questions@freebsd.org
Subject: Re: Install-time "hardening" options
In-Reply-To: <21945e9b-6573-5f8d-9b6d-26bbb8bfd748@sentex.net>
Date: Thu, 12 Oct 2017 14:32:17 -0700
Message-ID: <5273.1507843937@segfault.tristatelogic.com>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Oct 2017 21:32:18 -0000


In message <21945e9b-6573-5f8d-9b6d-26bbb8bfd748@sentex.net>, 
Mike Tancsa <mike@sentex.net> wrote:

>> (*)  Disable opening Syslogd network socket (disables remote logging)
>
>Is not the default -s and this options makes it -ss. "disable remote
>logging" as in the host you are configuring cannot send out messages to
>other syslogd servers.

Was that a question or a statement?

If you are assering that indeed, yes, star'ing this specific "hardening"
option just causes the local machine to -not- send -outbound- syslog
messages, then certainly, that is indeed a horse of a different color
from what I was talking about, which was -accepting- -inbound- syslog
messages/packets.

At the very least, the wording on this option should be clarified to
make it apparent if the thing being disabled in this case is inbound
syslog messages or outbound ones.