Date: Thu, 28 Aug 1997 21:53:56 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: FW: syslogd fun (fwd)
Message-ID: <Pine.BSF.3.96.970828215138.14986C-100000@cyrus.watson.org>
In-Reply-To: <199708290014.RAA28531@hub.freebsd.org>
On Thu, 28 Aug 1997, Jonathan M. Bresler wrote:

> John-Mark Gurney wrote:
> >
> > Simon Shapiro scribbled this message on Aug 28:
> > > Is this something we have to worry about in FreeBSD? I think it may, but
> > > do not know...
> >
> > nope... freebsd's syslog in -current has the ability to turn on reception
> > of such messages from specific hosts... and when you specify "secure"
> > mode (which doesn't accept messages) you can still send messages to
> > remote hosts for logging...
>
> hmm....the loghost, the computer running syslogd and accepting
> messages from other computers, remains vulnerable, as is noted
> in the BUGS section of the man page
>
> "The ability to log messages received in UDP packets is equivalent to an
> unauthenticated remote disk-filling service, and should probably be
> disabled by default. Some sort of inter-syslogd authentication mechanism
> ought to be worked out. To prevent the worst abuse, use of the -a option
> is therefore highly recommended."
>
> filter syslog at your firewall. falls under the general rule:
> "unless you need it, filter it out"

I've been working intermittently on a secure syslog protocol allowing for
both authentication and protection of syslog messages. I'm still in a
design phase, but was thinking of starting up a mailing list for
discussing the issues involved (there are many.) One feature I'd like to
see is authenticity against original log generator -- even if the message
is forwarded multiple times and then logged, it can be verified against an
original signer. Some authentication log data should remain private, and
such a feature would also be offered. This is all weighed against excess
processor use, of course :).

Robert N Watson

Junior, Logic+Computation, Carnegie Mellon University  http://www.cmu.edu/
Network Administrator, SafePort Network Services      http://www.safeport.com/
robert@fledge.watson.org  rwatson@safeport.com  http://www.watson.org/~robert/
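The origin-signature idea in the message above (a record that stays verifiable against its original generator no matter how many syslog hops forward it), as an added illustration that is not Robert Watson's protocol, FreeBSD syslogd code, or any published syslog signing standard. The wire format, the `via=` hop field, the hostnames, the relay names and the sample message are all constructed for this example; Ed25519 from the Go standard library stands in for whatever signature scheme a real design would pick. The loghost's keyring doubles as an explicit allowlist of trusted origins, in the spirit of the `-a` option the man page quote recommends.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Wire format used by this example (an assumption, not a real syslog standard):
//
//   <host>|<timestamp>|<message>|sig=<base64 ed25519 sig>[|via=<relay>,<relay>,...]
//
// The origin signs exactly "<host>|<timestamp>|<message>". Relays may only
// append themselves to the via= list, so the origin signature survives any
// number of forwarding hops. Base64 never contains '|', so the split below
// is unambiguous once the signed fields are kept free of '|' and newlines.

// Keyring maps an origin hostname to its public key. On the loghost it is
// also the allowlist of senders whose records are accepted at all.
type Keyring map[string]ed25519.PublicKey

// Record is a parsed wire line.
type Record struct {
	Host, Timestamp, Msg string
	Sig                  []byte
	Via                  []string
}

// OriginSign runs on the host that generates the event.
func OriginSign(priv ed25519.PrivateKey, host, ts, msg string) (string, error) {
	for _, f := range []string{host, ts, msg} {
		if strings.ContainsAny(f, "|\n") {
			return "", errors.New("signed fields may not contain '|' or newline")
		}
	}
	payload := host + "|" + ts + "|" + msg
	sig := ed25519.Sign(priv, []byte(payload))
	return payload + "|sig=" + base64.StdEncoding.EncodeToString(sig), nil
}

// Relay runs on each intermediate syslog host: it records its hop and
// leaves the signed fields untouched.
func Relay(line, relay string) string {
	if strings.Contains(line, "|via=") {
		return line + "," + relay
	}
	return line + "|via=" + relay
}

// Parse splits a wire line into its fields.
func Parse(line string) (Record, error) {
	parts := strings.Split(line, "|")
	if len(parts) != 4 && len(parts) != 5 {
		return Record{}, fmt.Errorf("expected 4 or 5 fields, got %d", len(parts))
	}
	rec := Record{Host: parts[0], Timestamp: parts[1], Msg: parts[2]}
	if !strings.HasPrefix(parts[3], "sig=") {
		return Record{}, errors.New("missing sig= field")
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(parts[3], "sig="))
	if err != nil {
		return Record{}, err
	}
	rec.Sig = sig
	if len(parts) == 5 {
		if !strings.HasPrefix(parts[4], "via=") {
			return Record{}, errors.New("fifth field must be via=")
		}
		rec.Via = strings.Split(strings.TrimPrefix(parts[4], "via="), ",")
	}
	return rec, nil
}

// Verify runs on the loghost. The origin must be in the keyring, and the
// signature must cover host, timestamp and message exactly as received;
// the via= list is informational and deliberately unsigned by the origin.
func Verify(kr Keyring, line string) (Record, bool) {
	rec, err := Parse(line)
	if err != nil {
		return rec, false
	}
	pub, ok := kr[rec.Host]
	if !ok {
		return rec, false // unknown origin: refused, like a host not in the -a list
	}
	payload := rec.Host + "|" + rec.Timestamp + "|" + rec.Msg
	return rec, ed25519.Verify(pub, []byte(payload), rec.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	kr := Keyring{"web1.example.org": pub} // constructed origin host
	line, _ := OriginSign(priv, "web1.example.org", "1997-08-28T21:53:56-0400",
		"sshd[123]: accepted login for robert") // constructed sample event
	line = Relay(Relay(line, "relay1"), "relay2")
	rec, ok := Verify(kr, line)
	fmt.Println(ok, rec.Via) // true [relay1 relay2]
	// A relay that rewrites the message text breaks the origin signature.
	_, ok = Verify(kr, strings.Replace(line, "accepted", "rejected", 1))
	fmt.Println(ok) // false
}
```

What this does not give you is exactly what the message flags as the other half of the design: confidentiality of the record in transit and rate-limiting of the disk-filling problem, which a signature alone cannot address. It also leaves the relay hops unauthenticated; a real protocol would have each relay sign over the record it received, so a forged `via=` entry is detectable as well.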