Date: Thu, 29 Aug 1996 10:49:22 -0700 (PDT) From: Doug White <dwhite@gdi.uoregon.edu> To: "Neil C. Jensen" <njensen@salsa.habaneros.com> Cc: "'questions@freebsd.org'" <questions@freebsd.org> Subject: RE: lost /dev/log Message-ID: <Pine.BSI.3.94.960829104509.229H-100000@gdi.uoregon.edu> In-Reply-To: <01BB94C3.40C97A20@jalapeno.habaneros.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 28 Aug 1996, Neil C. Jensen wrote: > Problem solved. I had syslog commented out in /etc/services. Once I > uncommented it and restarted inetd.conf, /dev/log appeared and logging > started. The boot messages then appeared in the /var/log/messages file. > > One question, though; I had disabled syslog in services while following a > security checklist from AUCERT. Why is syslog a security risk? Why won't > syslog work without the TCP socket and just the /dev/log? I have no idea why they removed it, other than so I can't fill your system log with odd messages if I decide to be evil. Unfortunately, syslog is way to inportant to disable. I don't see a way offhand to remove the TCP port; I guess you could move it to something else and change all the systems that log to your machine to use the new port. Why it wouldn't work w/o the TCP port, my guess would be that some programs may communicate directly with the program using the loopback network device instead of the UNIX domain socket. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.960829104509.229H-100000>