Devon & Cornwall Linux Users' Group


Re: [LUG] Syslog generator



John Horne wrote:

How do you start syslogd? "-r"?

Oh, well done! :-) As the man page says allowing 'remote reception' is a
unix default, but not under linux. I assumed syslog was able to receive
remote messages. Anyway, I restarted syslog with '-r', and it all works fine.

Hmm, and it claims to implement all BSD syslog defaults except
this one, just to fool you. I assume it is because syslog has
been the victim of many a hack, including lame ones that just
use control characters to hide incriminating syslog messages.

I'm sure Herr Hildebrandt or Mr Muffett or some other security
guru pointed me at an encryption-enabled syslog daemon some time
in the dim and distant past. I think you can easily prevent
spoofing and restrict logging to specific hosts, but you can't
easily prevent people sniffing your remote syslog messages,
which may reveal information that should only be visible to
system admins (or reveal the lack of an intruder detection
system ;). Even silly things like other people's e-mail subject
lines, and 'to' field can go over syslog, although the whole
e-mail may have gone over the network unencrypted (SMTP over SSL
is your friend) in most networks.

Although Alex can probably tell you how to use FreeSWAN to do
it, and probably openssl will do something similar.....

Your paranoia may vary ;)

-- 
"Don't get me started on intuitive. You know what's intuitive?
Fear of heights. Everything else we call intuitive, such as
walking or using a pencil took years of practice." - Don Norman

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.
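
The message above mentions control characters being used to hide syslog entries, and restricting remote logging to specific hosts. The following Python is an added example, not part of the original post or of any syslog daemon: it shows a collector-side check that drops datagrams from hosts outside an allowlist and escapes control characters before a line is stored or displayed. The function names, the allowlist range and the sample datagram are constructed for illustration.

```python
import ipaddress
import re

# Assumption: hosts permitted to log to this collector (documentation range).
# UDP source addresses are not authenticated, so this is a filter, not proof of origin.
ALLOWED_SENDERS = [ipaddress.ip_network("192.0.2.0/28")]

# BSD syslog datagrams start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def sanitize(text):
    """Escape control characters so a message cannot erase or overwrite
    other lines when the log is viewed in a terminal."""
    out = []
    for ch in text:
        code = ord(ch)
        if ch == "\\":
            out.append("\\\\")  # keep the escaping unambiguous
        elif code < 0x20 or code == 0x7F or 0x80 <= code <= 0x9F:
            out.append("\\x%02x" % code)
        else:
            out.append(ch)
    return "".join(out)


def accept(datagram, sender_ip):
    """Return a safe log line for one UDP syslog datagram, or None if rejected."""
    addr = ipaddress.ip_address(sender_ip)
    if not any(addr in net for net in ALLOWED_SENDERS):
        return None
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # highest valid PRI is 23 * 8 + 7
        return None
    pri = int(m.group(1))
    facility, severity = pri >> 3, pri & 7
    body = datagram[m.end():].decode("utf-8", errors="replace")
    return "%s fac=%d sev=%d %s" % (sender_ip, facility, severity, sanitize(body))


# Constructed sample: ESC[2K (erase line) and CR would hide the first entry
# behind the second one if the raw bytes were printed to a terminal.
SAMPLE = b"<38>sshd[412]: Failed password for root\x1b[2K\rsshd[412]: session closed"

if __name__ == "__main__":
    print(accept(SAMPLE, "192.0.2.5"))
    print(accept(SAMPLE, "198.51.100.7"))
```
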

