On Wed, Dec 05, 2001 at 09:00:57AM +0100, Robert Magier wrote:
> On Wed, 5 Dec 2001, Yotam Rubin wrote:
>
> > Nothing, it's a runtime argument. When invoking syslogd, use the -f
> > argument to specify an alternative configuration file. This is documented in
> > the man page.
> >
> > Regards, Yotam Rubin
>
> Yes, I know it is a runtime argument, but if you don't set this, and just
> type syslogd, /etc/syslog.conf will be loaded by default.
> This is what I want to change.
> For example, I want my syslog to forward all logs to another server, but I
> don't want anyone who would compromise my system to get to know it too easily.

A simple 'grep syslog\.conf' in the source tree revealed that the default
configuration file path is contained in paths. This does not provide any sort
of protection. The intruder can strace syslogd and determine which file it
opens. I'm against this sort of "security", but you can try to obscure the
configuration file location in the following manner:

Create a wrapper script which copies the real configuration file to some
temporary location, e.g. /tmp/zaboo.conf. Invoke syslogd in the wrapper
specifying the temporary configuration file. After syslogd detaches, remove
the temporary configuration file. Of course, you need to obscure the location
of the wrapper, so this is an endless game, unless you add some non-standard
ACL features to your kernel.

Regards, Yotam Rubin

> --
> Robert Magier
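
The wrapper procedure described in the reply above, as an added shell example that is not part of the original thread. The function name, the SYSLOGD override variable and the mktemp-generated file name are assumptions made here, and it assumes syslogd returns to the caller only after it has read its configuration.

```shell
#!/bin/sh
# Added example (not from the thread): start syslogd from a short-lived copy
# of its configuration, then delete the copy.
# Assumption: SYSLOGD names the daemon binary; override it for testing.
SYSLOGD="${SYSLOGD:-/sbin/syslogd}"

start_with_temp_conf() {
    real_conf=$1
    [ -r "$real_conf" ] || { echo "cannot read $real_conf" >&2; return 1; }

    # mktemp creates the file with mode 0600 under an unpredictable name.
    # A fixed name such as /tmp/zaboo.conf in a world-writable directory
    # could be pre-created or symlinked by another local user.
    tmp_conf=$(mktemp "${TMPDIR:-/tmp}/sl.XXXXXX") || return 1

    cat "$real_conf" > "$tmp_conf" || { rm -f "$tmp_conf"; return 1; }

    # Assumption: the command returns once the daemon has detached and has
    # already parsed the file passed with -f.
    rc=0
    "$SYSLOGD" -f "$tmp_conf" || rc=$?

    # Remove the copy whether or not startup succeeded.
    # Side effect: a later SIGHUP asks syslogd to re-read a path that no
    # longer exists, so reloads need the wrapper to be run again.
    rm -f "$tmp_conf"
    return "$rc"
}

# Usage (hypothetical path): start_with_temp_conf /root/private/syslog.conf
```

As the reply points out, the temporary path is still visible to anyone who can trace the daemon's startup, so this only removes the file from casual inspection afterwards.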