On Mon, 18 Dec 2006 22:47:03 -0700 "Rick Shelton" <[EMAIL PROTECTED]> wrote:

> On 12/18/06, Arden <[EMAIL PROTECTED]> wrote:
> > After installing iptables and the personal firewall script, from
> > blfs-book-cvs-html-2006-10-14, the console starts filling with output.
> > About every 25 seconds or so, the screen fills with messages from the
> > router.
> >
> > How do I keep the log FIREWALL:INPUT from displaying this?
> >
> > -from the network firewall script /etc/rc.d/rc.iptables
> > # Log everything else.
> > iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
> >
> > thanks, Arden
>
> This bothered me, also.
> The trouble comes from the linux kernel's logging facility.
> I think the default log level is 7, so messages with a higher priority level
> (less than 7) get logged to the console. Unfortunately, the default of 7
> is the lowest priority level. I took two measures to turn off console logging.
>
> modify the klogd startup line in /etc/rc.d/init.d/sysklogd
> so that the default console log level is not the lowest.
> I used 4.
>
> loadproc klogd -c 4

Any chance that you know how to do this with syslog-ng? I attach my
syslog-ng.conf file for you to check; I don't know why it still logs stuff
to the console.

# Begin /etc/syslog-ng/syslog-ng.conf
#
# Syslog-ng configuration for Linux from Scratch
#

options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames(off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
};

source src {
        unix-stream("/dev/log");
        internal();
        pipe("/proc/kmsg");
};

destination authlog     { file("/var/log/authorize.log"); };
destination syslog      { file("/var/log/syslog.log"); };
destination cron        { file("/var/log/cron.log"); };
destination daemon      { file("/var/log/daemon.log"); };
destination kernel      { file("/var/log/kernel.log"); };
destination lpr         { file("/var/log/lpr.log"); };
destination user        { file("/var/log/user.log"); };
destination uucp        { file("/var/log/uucp.log"); };
destination mail        { file("/var/log/mail.log"); };
destination news        { file("/var/log/news.log"); };
destination debug       { file("/var/log/debug.log"); };
destination messages    { file("/var/log/messages.log"); };
destination everything  { file("/var/log/everything.log"); };
destination console     { usertty("root"); };
destination console_all { file("/dev/tty12"); };
destination iptables    { file("/var/log/iptables.log"); };

filter f_auth       { facility(auth); };
filter f_authpriv   { facility(auth, authpriv); };
filter f_syslog     { not facility(authpriv, mail); };
filter f_cron       { facility(cron); };
filter f_daemon     { facility(daemon); };
filter f_kernel     { facility(kern); };
filter f_lpr        { facility(lpr); };
filter f_mail       { facility(mail); };
filter f_news       { facility(news); };
filter f_user       { facility(user); };
# f_uucp matched facility(cron) in the original; it must match uucp for the
# uucp log statement below to make sense.
filter f_uucp       { facility(uucp); };
filter f_debug      { not facility(auth, authpriv, news, mail); };
filter f_messages   { level(info..warn) and not facility(auth, authpriv, mail, news); };
filter f_everything { level(debug..emerg) and not facility(auth, authpriv); };
filter f_emergency  { level(emerg); };
filter f_info       { level(info); };
filter f_notice     { level(notice); };
filter f_warn       { level(warn); };
filter f_crit       { level(crit); };
filter f_err        { level(err); };
filter f_iptables   { match("FIREWALL:INPUT"); };

log { source(src); filter(f_authpriv);   destination(authlog); };
log { source(src); filter(f_syslog);     destination(syslog); };
log { source(src); filter(f_cron);       destination(cron); };
log { source(src); filter(f_daemon);     destination(daemon); };
log { source(src); filter(f_kernel);     destination(kernel); };
log { source(src); filter(f_lpr);        destination(lpr); };
log { source(src); filter(f_mail);       destination(mail); };
log { source(src); filter(f_news);       destination(news); };
log { source(src); filter(f_user);       destination(user); };
log { source(src); filter(f_uucp);       destination(uucp); };
log { source(src); filter(f_debug);      destination(debug); };
log { source(src); filter(f_messages);   destination(messages); };
log { source(src); filter(f_emergency);  destination(console); };
log { source(src); filter(f_everything); destination(everything); };
log { source(src); filter(f_iptables);   destination(iptables); };
log { source(src);                       destination(console_all); };

# End /etc/syslog-ng/syslog-ng.conf

And I just saw some FIREWALL traces in kernel.log!

> also, modify the iptables log rule to use a log-level of lower priority
> (higher number) than the console. I chose 5. Others choose 6.
>
> iptables -A INPUT -j LOG --log-prefix "FIREWALL:INPUT " --log-level 5
>
> I believe FreeBSD logs all console messages to one particular console,
> which is a nice trick, and something I should work to figure out.

This is what I do, but I'm looking for a convenient way to have the
possibility to inspect ALL my logs from time to time, to see if my security
strategy is adequate (I had a virus once, I don't want to repeat the
experience!). This is a solo machine, just doing NAT for my wife's bloody
WinXP$$ box, but this is a dangerous word, isn't it?

\bye

--
Nicolas FRANCOIS
http://nicolas.francois.free.fr

A TRUE Klingon programmer does NOT comment his code
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
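As an added worked example (not part of the thread, and not syslog-ng's or the kernel's own code), here is a small Python model of the two separate mechanisms the thread touches: the kernel's console loglevel, which decides whether a printk line is written to the console before syslog-ng ever reads it from /proc/kmsg, and syslog-ng's per-statement filters as written in the config above. The /proc/kmsg sample lines are constructed, the routing table covers only the log statements a kernel-sourced message can reach (destination names as in the config), and a line without a "<N>" prefix is assumed to be kern/warning.

```python
"""Model of kernel console loglevel vs. syslog-ng filter routing (added example)."""
import re

# syslog priority = facility * 8 + level. Kernel printk uses facility kern (0)
# and the same level numbers: 0 = emerg (most urgent) ... 7 = debug.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv"]

# Constructed /proc/kmsg lines, not real captures. "<N>" is the printk level.
# An iptables LOG rule logs at level 4 (warning) unless --log-level is given;
# the thread's suggestion raises that to 5 (notice).
SAMPLE_KMSG = [
    "<4>FIREWALL:INPUT IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=UDP DPT=1900",
    "<5>FIREWALL:INPUT IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.1 PROTO=TCP DPT=445",
    "<6>eth0: link up",
    "<0>Kernel panic - not syncing",
]


def parse_kmsg(line):
    """Return (facility, level, text) for a /proc/kmsg line.
    Lines without a "<N>" prefix are assumed here to be kern/warning."""
    m = re.match(r"<(\d+)>(.*)", line)
    if not m:
        return "kern", 4, line
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], pri & 7, m.group(2)


def printed_on_console(level, console_loglevel):
    """The kernel copies a printk line to the console only when
    level < console_loglevel (first number in /proc/sys/kernel/printk;
    'klogd -c N' or 'dmesg -n N' sets it). Feeding /proc/kmsg to syslog-ng
    does not change this, so a syslog-ng config alone cannot quiet the console."""
    return level < console_loglevel


# Tiny combinators mirroring syslog-ng filter expressions.
def level_range(a, b):
    """syslog-ng level(a..b): both bounds inclusive, whichever order they are written."""
    lo, hi = sorted((LEVELS.index(a), LEVELS.index(b)))
    return lambda fac, lvl, txt: lo <= lvl <= hi


def facility(*names):
    return lambda fac, lvl, txt: fac in names


def both(f, g):
    return lambda fac, lvl, txt: f(fac, lvl, txt) and g(fac, lvl, txt)


def negate(f):
    return lambda fac, lvl, txt: not f(fac, lvl, txt)


# (filter, destination) pairs from the posted syslog-ng.conf that a kernel
# message can reach; None means the statement has no filter at all.
LOG_STATEMENTS = [
    (facility("auth", "authpriv"), "authlog"),
    (negate(facility("authpriv", "mail")), "syslog"),
    (facility("kern"), "kernel"),
    (negate(facility("auth", "authpriv", "news", "mail")), "debug"),
    (both(level_range("info", "warning"),
          negate(facility("auth", "authpriv", "mail", "news"))), "messages"),
    (level_range("emerg", "emerg"), "console"),        # usertty("root")
    (both(level_range("debug", "emerg"),
          negate(facility("auth", "authpriv"))), "everything"),
    (lambda fac, lvl, txt: "FIREWALL:INPUT" in txt, "iptables"),  # match("FIREWALL:INPUT")
    (None, "console_all"),                             # file("/dev/tty12"), unfiltered
]


def route(line):
    """Sorted destinations a message reaches. syslog-ng evaluates every log
    statement independently; a match in one does not stop the others unless
    that statement carries flags(final)."""
    fac, lvl, txt = parse_kmsg(line)
    return sorted(dest for flt, dest in LOG_STATEMENTS
                  if flt is None or flt(fac, lvl, txt))


def console_report(console_loglevel):
    """Text of the sample lines that would still reach the console at this loglevel."""
    out = []
    for line in SAMPLE_KMSG:
        fac, lvl, txt = parse_kmsg(line)
        if printed_on_console(lvl, console_loglevel):
            out.append(txt)
    return out


if __name__ == "__main__":
    for line in SAMPLE_KMSG:
        print(line[:44].ljust(46), "->", ", ".join(route(line)))
    for lvl in (7, 4):
        print(f"console loglevel {lvl}: {len(console_report(lvl))} of "
              f"{len(SAMPLE_KMSG)} sample lines still hit the console")
```

Running it shows why FIREWALL traces turn up in kernel.log: a kernel-sourced FIREWALL:INPUT line at level 4 satisfies f_kernel, f_messages, f_syslog, f_debug, f_everything and f_iptables at once, plus the unfiltered statement feeding /dev/tty12, so it is written to all seven places. It also shows that the two measures from the quoted reply are independent: with the kernel's default console loglevel of 7 every sample line, including one logged at --log-level 5, still goes to the console, while klogd -c 4 leaves only the level-0 panic there.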