From owner-freebsd-security Thu Sep 7 12:21:54 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id MAA06044 for security-outgoing; Thu, 7 Sep 1995 12:21:54 -0700
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA06038 for ; Thu, 7 Sep 1995 12:21:53 -0700
Received: from sivka.carrier.kiev.ua (sivka.carrier.kiev.ua [193.125.68.130]) by who.cdrom.com (8.6.11/8.6.11) with ESMTP id MAA02945 for ; Thu, 7 Sep 1995 12:19:59 -0700
Received: from elvisti.kiev.ua (uucp@localhost) by sivka.carrier.kiev.ua (Sendmail 8.who.cares/5) with UUCP id WAA17889 for security@freebsd.org; Thu, 7 Sep 1995 22:18:26 +0300
Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.33]) by spider2.elvisti.kiev.ua (8.6.12/8.6.9) with ESMTP id UAA16792 for ; Thu, 7 Sep 1995 20:07:28 +0300
Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.6.9) id UAA29202; Thu, 7 Sep 1995 20:07:27 +0300
From: "Andrew V. Stesin"
Message-Id: <199509071707.UAA29202@office.elvisti.kiev.ua>
Subject: Re: Do we *really* need logger(1)?
To: wollman@lcs.mit.edu (Garrett A. Wollman)
Date: Thu, 7 Sep 1995 20:07:26 +0300 (EET DST)
Cc: security@freebsd.org
In-Reply-To: <9509062102.AA21414@halloran-eldar.lcs.mit.edu> from "Garrett A. Wollman" at Sep 6, 95 05:02:50 pm
X-Mailer: ELM [version 2.4 PL24alpha5]
Content-Type: text
Content-Length: 1408
Sender: security-owner@freebsd.org
Precedence: bulk

Hello,

# > True. My point was that xinetd can wrap UDP daemons and tcp_wrapper
# > can not. Plus, xinetd can do it without exec'ing an additional program.
#
# > Filters on border routers should be used to block "outside" syslogd abuse.
#
# Um, no, syslog should be fixed to not accept random junk from anyone
# who cares to send it.

Another 2 things which (I believe) are worth the effort:

(a) Some kind of ACK protocol when logging goes to another host;
    seems to be a better solution than using a TCP connection.
    I've read about this kind of simple and cost-effective
    message exchange protocol in the Addison-Wesley book
    on distributed computing, 2 ed. It's a pity that book wasn't mine.

(b) Optional encryption capability for the messages, using
    the system-wide libcrypt facility; even a very simple one
    will be good, with parameters stored in /etc/syslog.conf.
    Better than nothing, really.

# Packet filtering is never the correct answer,
# despite what some vendors may try to make people think.

How can one design a strategy of living without it?
What are better solutions?

# As for `logger', it's a useful tool that anyone could write if it did
# not exist before. People running public-access systems should do the
# same thing to `logger' as they do to `cc', `as', and `ld'.

Agreed.

#
# -GAWollman
#

--
With best regards -- Andrew Stesin.