Date: Tue, 28 Nov 2000 18:49:00 -0600 (CST)
From: Mike Meyer <mwm@mired.org>
To: trini0 <trini0@optonline.net>
Cc: questions@freebsd.org
Subject: Re: syslog ?
Message-ID: <14884.21116.876366.998002@guru.mired.org>
In-Reply-To: <30779630@toto.iv>

trini0 <trini0@optonline.net> types:
> I came across a web site that tests network security.  I ran it on my
> router running FBSD 4.2S w/ipfil 3.4.8.  Part of the results came back
> saying that port 514 that syslog was using was insecure and they sent a
> little message to the syslog daemon ==>
>
> Nov 28 12:59:09 gw /kernel: icmp-response bandwidth limit 225/200 pps
> Nov 28 12:59:12 gw /kernel: icmp-response bandwidth limit 236/200 pps
> Nov 28 12:59:15 gw /kernel: icmp-response bandwidth limit 228/200 pps
> Nov 28 12:59:21 gw /kernel: icmp-response bandwidth limit 201/200 pps
>
> I checked out some man pages and came across running syslogd in secure
> mode with the -s option.  Is this recommended, to make syslogd be more
> secure?  What file would I put this option in?  (I didn't know where to
> enable -s)  Or should I just block off port 514 coming in from the
> internet on the firewall??
> Thanks
> trini0

4.2 should be running syslogd with the -s flag by default. Check
/etc/defaults/rc.conf to verify that syslogd_enable="YES" and
syslogd_flags="-s". If so, then check /etc/rc.conf to verify that they
aren't changed.

If syslogd_enable is not set to "YES", then something else is
listening on the syslog port, and you need to deal with that something
else.

Also, your mailer is sending HTML as well as plain text. Please make
it stop, and just send plain text.

	<mike
--
Mike Meyer					http://www.mired.org/home/mwm/
Independent WWW/Unix/FreeBSD consultant, email for rates.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
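
The check described in the reply above, as an added example that is not part of the original message: it resolves the effective syslogd_enable and syslogd_flags by reading the defaults file first and the local override second, then reports whether -s is in effect. The function names, return codes and demo files are assumptions made for illustration; -ss is accepted as a repeated -s.

```sh
#!/bin/sh
# Added example. rc.conf files are sh fragments and /etc/rc.conf overrides
# /etc/defaults/rc.conf, so source both in that order inside a subshell.
# Sourcing executes the files' contents, exactly as the rc scripts do.
effective_syslogd() {            # usage: effective_syslogd DEFAULTS OVERRIDES
    (
        syslogd_enable= syslogd_flags=
        for f in "$1" "$2"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        printf '%s|%s\n' "$syslogd_enable" "$syslogd_flags"
    )
}

# Returns 0 = syslogd enabled with -s, 1 = enabled without -s,
# 2 = syslogd not enabled.
audit_syslogd() {
    eff=$(effective_syslogd "$1" "$2")
    enable=${eff%%|*}
    flags=${eff#*|}
    case $enable in
        [Yy][Ee][Ss]) ;;
        *) echo "syslogd_enable='$enable': syslogd is not enabled;" \
                "if port 514 answers, something else is listening"
           return 2 ;;
    esac
    for word in $flags; do
        case $word in
            -s|-ss) echo "ok: syslogd_flags='$flags'"; return 0 ;;
        esac
    done
    echo "WARNING: syslogd_flags='$flags' has no -s, secure mode is off"
    return 1
}

# Demo on constructed files (not taken from a real system).
demo=$(mktemp -d)
printf 'syslogd_enable="YES"\nsyslogd_flags="-s"\n' > "$demo/defaults_rc.conf"
printf 'syslogd_flags=""\n' > "$demo/rc.conf"      # local override drops -s
audit_syslogd "$demo/defaults_rc.conf" /nonexistent || :
audit_syslogd "$demo/defaults_rc.conf" "$demo/rc.conf" || :
rm -rf "$demo"
```

On a FreeBSD host the real check is `audit_syslogd /etc/defaults/rc.conf /etc/rc.conf`.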
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14884.21116.876366.998002>