Re: excessive paranoia in syslogd(8)?
On Mon, Jan 22, 2001 at 12:40:00PM -0500, Garrett Wollman wrote:
> < said:
>
> > If you want to or need to use network sockets,
> >
> >   # syslogd -a localhost
> >
> > Should provide the behavior you want.
>
> I.e., no security whatsoever.

Well, yeah, it's syslogd(8) and as the manpage says,

BUGS
     The ability to log messages received in UDP packets is equivalent to an
     unauthenticated remote disk-filling service...

However, doing 'syslogd -a localhost' should really not be much worse
than 'syslogd -s' or '-ss'. In all three cases, a local user can nail
you. The only risk I see is 127.0.0.1 being forced in from the LAN,
and even then, I can't recall if FreeBSD will ever accept loopback
numbers coming in a non-loopback interface. And that still is only
local net, 127/8 packets aren't going to be routed.
--
Crist J. Clark [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
Re: excessive paranoia in syslogd(8)?
< said:

> If you want to or need to use network sockets,
>
>   # syslogd -a localhost
>
> Should provide the behavior you want.

I.e., no security whatsoever.

-GAWollman
Re: excessive paranoia in syslogd(8)?
On Sat, Jan 20, 2001 at 11:39:37PM -0600, Steve Price wrote:
> On Sat, Jan 20, 2001 at 09:20:39PM -0800, Crist J. Clark wrote:
> #
> # You can write to the /dev/log (usually symlinked to /var/run/log)
> # socket with '-s' set.
> #
> # If you want to or need to use network sockets,
> #
> #   # syslogd -a localhost
> #
> # Should provide the behavior you want. As you noted this is not the
> # same as '-s'. It is a feature and not a bug.
>
> I'm still deciding on that... Here's what I see:
>
> steve@test1(~)$ telnet localhost 514
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> Connection closed by foreign host.
> steve@test1(/tmp/tard)$
>
> steve@bonsai(~)$ telnet 192.168.21.28 514
> Trying 192.168.21.28...
> Connected to 192.168.21.28.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> And here is what I see in syslogd:
>
> test1# syslogd -d -a localhost
> ...
> logmsg: pri 45, flags 0, from test1, msg Jan 20 23:34:52 rshd[53675]:
> connection from 127.0.0.1 on illegal port 1186
> Logging to CONSOLE /dev/console
> Logging to FILE /var/log/messages
> Logging to USERS
> logmsg: pri 45, flags 0, from test1, msg Jan 20 23:34:54 rshd[53676]:
> connection from 192.168.21.1 on illegal port 2855
> Logging to CONSOLE /dev/console
> Logging to FILE /var/log/messages
> Logging to USERS

It looks like syslogd(8) is working fine from this. Is something with
syslogd(8) not working? 'tail /var/log/messages' aren't those messages
there?
--
Crist J. Clark [EMAIL PROTECTED]
Re: excessive paranoia in syslogd(8)?
Steve Price <[EMAIL PROTECTED]> writes:
> Aha! I must have read that manpage a dozen times and I didn't catch
> on, but if I do this it works like I would expect even with '-s'.

...and even with -ss, which you might as well use unless you intend to
log *to* remote hosts, or are sufficiently paranoid to want to log
attempts *from* remote hosts to log *to* your box.

DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
Re: excessive paranoia in syslogd(8)?
On Sun, Jan 21, 2001 at 06:29:02AM +0100, Dag-Erling Smorgrav wrote:
# Steve Price <[EMAIL PROTECTED]> writes:
# > Is it just me or does 'syslogd -s' exhibit just a little bit too
# > much paranoia about allowing socket connections? I was futzing
# > with a Perl script that needed to syslog(3) some stuff and after
# > much hair pulling I realized that 'syslogd -s' didn't even allow
# > connections from localhost.
#
# RTFM ('perldoc Sys::Syslog' in this case, pay special attention to
# setlogsock())

Aha! I must have read that manpage a dozen times and I didn't catch
on, but if I do this it works like I would expect even with '-s'.

    #!/usr/bin/perl -w

    use Sys::Syslog qw(:DEFAULT setlogsock);

    setlogsock('unix');
    openlog('foo', 'cons,ndelay,pid', 'local0');
    syslog('emerg', 'emerg message');
    closelog();

Thanks! :)

-steve
Re: excessive paranoia in syslogd(8)?
On Sat, Jan 20, 2001 at 09:20:39PM -0800, Crist J. Clark wrote:
#
# You can write to the /dev/log (usually symlinked to /var/run/log)
# socket with '-s' set.
#
# If you want to or need to use network sockets,
#
#   # syslogd -a localhost
#
# Should provide the behavior you want. As you noted this is not the
# same as '-s'. It is a feature and not a bug.

I'm still deciding on that... Here's what I see:

    steve@test1(~)$ telnet localhost 514
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    steve@test1(/tmp/tard)$

    steve@bonsai(~)$ telnet 192.168.21.28 514
    Trying 192.168.21.28...
    Connected to 192.168.21.28.
    Escape character is '^]'.
    Connection closed by foreign host.

And here is what I see in syslogd:

    test1# syslogd -d -a localhost
    ...
    logmsg: pri 45, flags 0, from test1, msg Jan 20 23:34:52 rshd[53675]:
    connection from 127.0.0.1 on illegal port 1186
    Logging to CONSOLE /dev/console
    Logging to FILE /var/log/messages
    Logging to USERS
    logmsg: pri 45, flags 0, from test1, msg Jan 20 23:34:54 rshd[53676]:
    connection from 192.168.21.1 on illegal port 2855
    Logging to CONSOLE /dev/console
    Logging to FILE /var/log/messages
    Logging to USERS

???

-steve
Re: excessive paranoia in syslogd(8)?
Steve Price <[EMAIL PROTECTED]> writes:
> Is it just me or does 'syslogd -s' exhibit just a little bit too
> much paranoia about allowing socket connections? I was futzing
> with a Perl script that needed to syslog(3) some stuff and after
> much hair pulling I realized that 'syslogd -s' didn't even allow
> connections from localhost.

RTFM ('perldoc Sys::Syslog' in this case, pay special attention to
setlogsock())

DES
--
Dag-Erling Smorgrav - [EMAIL PROTECTED]
Re: excessive paranoia in syslogd(8)?
On Sat, Jan 20, 2001 at 10:49:44PM -0600, Steve Price wrote:
> Is it just me or does 'syslogd -s' exhibit just a little bit too
> much paranoia about allowing socket connections? I was futzing
> with a Perl script that needed to syslog(3) some stuff and after
> much hair pulling I realized that 'syslogd -s' didn't even allow
> connections from localhost. Apparently Perl opens a socket
> connection to syslog and with the '-s' syslogd doesn't read from
> socket connections either from localhost or from hosts specified
> with -a. This is a bad thing IMHO. Either I open syslogd up to
> all socket connections (including from localhost) or I can't use
> syslog from Perl.

You can write to the /dev/log (usually symlinked to /var/run/log)
socket with '-s' set.

If you want to or need to use network sockets,

  # syslogd -a localhost

Should provide the behavior you want. As you noted this is not the
same as '-s'. It is a feature and not a bug.
--
Crist J. Clark [EMAIL PROTECTED]
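
Added example, not part of the original thread and not code from any of its authors: a Python sketch of the local path described above, where a client writes to the daemon's Unix-domain datagram socket (the path that setlogsock('unix') selects in the Perl script) instead of a network socket, so it does not depend on syslogd accepting UDP input. The helper names, the minimal record layout without a timestamp, and the temporary stand-in socket used by demo() are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

# Facility and severity numbers from <syslog.h>.
FACILITY = {"auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "notice": 5}


def find_log_socket(candidates=("/var/run/log", "/dev/log")):
    """Return the first candidate that is a socket (symlinks are followed)."""
    for path in candidates:
        try:
            if stat.S_ISSOCK(os.stat(path).st_mode):
                return path
        except OSError:
            continue
    return None


def format_msg(facility, severity, tag, pid, text):
    """Minimal '<PRI>tag[pid]: text' record; PRI = facility * 8 + severity."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>{tag}[{pid}]: {text}".encode()


def send_local(path, payload):
    """Write one datagram to the local log socket; no UDP port is involved."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)  # raises OSError if nothing is bound at path
        s.send(payload)


def demo():
    """Round trip through a constructed stand-in for the daemon's socket."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "log")
        with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as rx:
            rx.bind(path)
            rx.settimeout(2)
            found = find_log_socket((os.path.join(d, "missing"), path))
            msg = format_msg("local0", "emerg", "foo", 1234, "emerg message")
            send_local(found, msg)
            return found == path, rx.recv(1024)


if __name__ == "__main__":
    print(find_log_socket(), demo())
```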