From: woods@zeus.leitch.com (Greg A. Woods)
To: Jan B. Koum
Cc: security@FreeBSD.ORG
Subject: Re: files in /var/log
Date: Mon, 27 Jul 1998 18:09:28 -0400 (EDT)
Message-Id: <199807272209.SAA14388@brain.zeus.leitch.com>
In-Reply-To: Jan B. Koum's message of "Mon, July 27, 1998 11:30:30 -0700" regarding "Re: files in /var/log"
References: <24385.901543204@iafrica.com>
Reply-To: security@FreeBSD.ORG
Organization: Planix, Inc.; Toronto, Ontario; Canada

[ On Mon, July 27, 1998 at 11:30:30 (-0700), Jan B. Koum wrote: ]
> Subject: Re: files in /var/log
>
> There are many reasons.
> With /var/log/maillog it is privacy
> issues: do you really want everyone on your system to know you sent mail
> to sales@class-sex-toys.com or that you are exchanging mail with your
> competitor.

Some of the other BSDs do ship with /var/log/mail at mode 640. However on
my own machines the mailer logs are a matter of public record and available
for all to see. Local policy should dictate, and so far as I'm concerned the
default should be more open than not.

> With /var/log/messages -- well, there is NOTHING there that
> average user needs. If you are an admin, you are most likely in the wheel
> group already and should have read access to /var/log/messages w/o doing
> su(1). People sometimes might enter their password at the login: prompt --
> do you want all your users to read this? Do you want all your users to
> know other similar information? If so, chmod a+r /var/log/messages on your
> system. I still think by default we should ship /var/log/* files group
> read and world nothing.

/var/log/messages should never contain bad login records. They go in
/var/log/authpriv, which unfortunately FreeBSD doesn't have by default.

Making /var/log/messages unreadable by everyone would be very very very
unfriendly in my books -- this is something any user should be able to look
at.

Again, local policy should dictate, and in general everything but stuff to
the authpriv facility (and maybe auth too) should be readable by everyone
by default. See for example syslog(3)'s advice:

     LOG_AUTHPRIV   The same as LOG_AUTH, but logged to a file readable
                    only by selected individuals.
Here's my /etc/syslog.conf:

	*.err;kern.*;auth.warning;authpriv.none;mail.crit	/dev/console
	*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none	/var/log/messages
	kern.debug						/var/log/messages
	# the master debug file should not be world readable
	*.*							/var/log/debug
	# these files can be world readable to assist users
	daemon.*						/var/log/daemon
	kern.*							/var/log/kern
	lpr.*							/var/log/lpr
	mail.*							/var/log/mail
	news.info						/var/log/news
	syslog.*						/var/log/syslog
	user.*							/var/log/user
	uucp.info						/var/log/uucp
	local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.*	/var/log/local
	# The authpriv log file should be restricted access; these
	# messages shouldn't go to terminals or publicly-readable
	# files.
	auth.*							/var/log/auth
	authpriv.*						/var/log/authpriv
	cron.info						/var/cron/log
	ftp.info						/var/log/xferlog
	lpr.info						/var/log/lpd-errs
	#uucp.info						/var/spool/uucp/ERRORS
	# immediate warnings
	*.emerg							*
	*.alert;kern.err;daemon.err;auth.warning;user.none	root,operator

--
Greg A. Woods
+1 416 443-1734  VE3TCP
Planix, Inc.; Secrets of the Weird
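The policy argued in the message (authpriv to a restricted file, everything else open, nothing private to terminals) can be checked mechanically against a syslog.conf. The following is an added example, not code from the message, from FreeBSD or from the list: it parses BSD-style syslog.conf selectors, works out which log files end up receiving the authpriv facility (optionally auth as well), flags selectors that send those facilities to the console, to logged-in users or to a remote host, and compares the restricted files' modes against "no access for other". The sample config is a copy of the relevant lines of the syslog.conf above (spacing changed); the function names and the RESTRICTED default are my own choices.

```python
"""Audit how a BSD-style syslog.conf routes authpriv (and optionally auth).

Added example, not part of the original message or of FreeBSD.  Handles the
selector syntax used in the message: ';'-separated selectors, ','-separated
facility lists, '*' wildcards, 'none' to drop a facility.  FreeBSD's
comparison flags (=, !, <, >) in front of a priority are stripped and the
facility is treated as logged, which over-reports rather than misses.
'!program' and '+host'/'-host' blocks are skipped.
"""
import os
import stat

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"] + ["local%d" % i for i in range(8)]
RESTRICTED = frozenset({"authpriv"})   # pass frozenset({"auth", "authpriv"}) to tighten

# Constructed sample: the relevant lines of the syslog.conf in the message above.
SAMPLE_CONF = """\
*.err;kern.*;auth.warning;authpriv.none;mail.crit   /dev/console
*.info;auth,authpriv,cron,ftp,kern,lpr,mail.none    /var/log/messages
kern.debug                                          /var/log/messages
# the master debug file should not be world readable
*.*                                                 /var/log/debug
mail.*                                              /var/log/mail
auth.*                                              /var/log/auth
authpriv.*                                          /var/log/authpriv
cron.info                                           /var/cron/log
#uucp.info                                          /var/spool/uucp/ERRORS
*.emerg                                             *
*.alert;kern.err;daemon.err;auth.warning;user.none  root,operator
"""


def parse_selectors(selectors):
    """Return {facility: priority} for what one line actually logs.

    Selectors apply left to right, so a later 'facility.none' removes
    what an earlier '*.info' added, the same way syslogd evaluates them.
    """
    logged = {}
    for sel in selectors.split(";"):
        facs, _, prio = sel.rpartition(".")
        prio = prio.lstrip("=!<>") or "debug"
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            if prio == "none":
                logged.pop(fac, None)
            else:
                logged[fac] = "debug" if prio == "*" else prio
    return logged


def parse_syslog_conf(text):
    """Return [(facilities, action)] for every active line of the config."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in "!+-":      # comments, program/host blocks
            continue
        parts = line.rsplit(None, 1)          # selectors <whitespace> action
        if len(parts) == 2:
            entries.append((parse_selectors(parts[0]), parts[1]))
    return entries


def is_file_action(action):
    """True for a regular log file. /dev/* (terminals), '*', user lists
    and '@host' are places a restricted facility should not be routed."""
    return action.startswith("/") and not action.startswith("/dev/")


def restricted_files(entries, restricted=RESTRICTED):
    """Log files that receive at least one restricted facility."""
    return {action for facs, action in entries
            if is_file_action(action) and restricted.intersection(facs)}


def restricted_leaks(entries, restricted=RESTRICTED):
    """(action, facilities) pairs where restricted facilities leave the files."""
    return [(action, sorted(restricted.intersection(facs)))
            for facs, action in entries
            if not is_file_action(action) and restricted.intersection(facs)]


def world_access_violations(paths, actual_modes):
    """Restricted files whose permission bits grant anything to 'other'.
    Group access (e.g. 0640 for wheel) is allowed on purpose: that is the
    'readable only by selected individuals' case from syslog(3)."""
    return sorted(p for p in paths if p in actual_modes and actual_modes[p] & 0o007)


def stat_modes(paths):
    """Permission bits for the paths that exist on this host."""
    modes = {}
    for p in paths:
        try:
            modes[p] = stat.S_IMODE(os.stat(p).st_mode)
        except OSError:
            pass
    return modes


if __name__ == "__main__":
    entries = parse_syslog_conf(SAMPLE_CONF)
    files = restricted_files(entries)
    print("restricted files:", sorted(files))
    for action, facs in restricted_leaks(entries):
        print("leak: %s -> %s" % (",".join(facs), action))
    for p in world_access_violations(files, stat_modes(files)):
        print("world-accessible:", p)
```

On the sample, /var/log/debug is reported as restricted because `*.*` includes authpriv, while /var/log/messages is not, because the `auth,authpriv,...none` selector removes it; the two leak lines it prints are `*.emerg *` and the `*.alert;...` line to root,operator, since `*` as a facility covers authpriv too. Run it as root against the real /etc/syslog.conf by replacing SAMPLE_CONF with the file's contents.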