LinuxQuestions.org


unreal128 09-25-2006 01:53 AM

Hardening syslog-ng
 
I am running syslog-ng as my logging utility on Gentoo and was reading up on how the utility works; it provides a UDP port for remote logging. I am running the system on a laptop that is not part of any network or acting as a server.

My question is this: would it be okay just to disable this in /etc/services, or do some local programs need this service up to perform logging correctly?

Also, as an aside, how would I write to the messages file via syslog-ng from the command line (e.g. within a bash script)?

acid_kewpie 09-25-2006 02:21 AM

by default syslog-ng normally only listens locally, on 127.0.0.1. you can check the syslog-ng.conf file yourself to see which networks are being listened to.

bulliver 09-25-2006 04:52 AM

Quote:

Also, as an aside, how would I write to the messages file via syslog-ng from the command line (e.g. within a bash script)?
man logger

It is part of the 'util-linux' package so should already be installed on a Gentoo system.

unreal128 09-26-2006 12:43 AM

Thanks Bulliver for the info on logging; this helps a lot!

Acid Kewpie,
Thanks for the information regarding networking port access on the syslog-ng utility. I tried checking out syslog-ng.conf but couldn't find any information related to network configuration (besides chain_hostnames). I checked out syslog-ng's website and, looking at the sample config code, it seems that Gentoo automatically loads the ebuild with network logging disabled.

Code:

options {
        chain_hostnames(off);
        sync(0);
        stats(43200);
};

source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };

destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };

log { source(src); destination(messages); };
log { source(src); destination(console_all); };


acid_kewpie 09-26-2006 02:45 AM

yes, in fact while i'm not using gentoo on my work systems, it's their really great documentation that got it set up. gentoo might be run by a bunch of backstabbing hippies, but they do write *very* good documentation.

JiYu 09-26-2006 03:47 AM

Is there nothing like this?:

Code:

source s_external {
        tcp ( ip(0.0.0.0) port(514) keep-alive(yes));
};


unreal128 09-26-2006 12:14 PM

Correct, there is no statement in the config file as mentioned above. What I pasted into my last reply is the entire configuration file.
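
The check discussed above (reading syslog-ng.conf for a source that opens a network listener), as an added example that is not part of the thread. The function names `list_network_sources` and `make_sample_confs` are hypothetical, and the `s_loop` and `d_remote` lines in the sample are constructed.

```shell
#!/bin/sh
# Added example. Simplifications: "#" always starts a comment, and ip() is
# only recognised on the same line as the driver that uses it.

# list_network_sources CONF: print every network listener declared inside a
# source statement; exit status 1 if any of them is reachable off-host.
list_network_sources() {
    awk '
        { sub(/#.*/, "") }
        depth == 0 && /^[ \t]*source[ \t]/ { in_src = 1; name = $2 }
        in_src && (" " $0) ~ /[^a-z_-](udp6?|tcp6?|network|syslog)[ \t]*\(/ {
            # A listener without ip() binds every interface.
            scope = ($0 ~ /ip[ \t]*\([ \t]*"?(127\.|::1|localhost)/) ? "loopback" : "EXPOSED"
            printf "%s: source %s, line %d: %s\n", scope, name, FNR, $0
            if (scope == "EXPOSED") exposed = 1
        }
        {   # destinations may also use tcp()/udp(); only source blocks count
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0) in_src = 0
        }
        END { exit exposed ? 1 : 0 }
    ' "$1"
}

# Sample input: local.conf is the config posted in the thread (shortened);
# remote.conf adds the tcp source asked about plus two constructed lines.
make_sample_confs() {
    cat > "$1/local.conf" <<'EOF'
options { chain_hostnames(off); sync(0); stats(43200); };
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
log { source(src); destination(messages); };
EOF
    { cat "$1/local.conf"; cat <<'EOF'
source s_external {
        tcp ( ip(0.0.0.0) port(514) keep-alive(yes));
};
source s_loop { udp(ip(127.0.0.1) port(514)); };
destination d_remote { tcp("192.0.2.10" port(514)); };  # outbound only
EOF
    } > "$1/remote.conf"
}

dir=$(mktemp -d)
make_sample_confs "$dir"
list_network_sources "$dir/local.conf" && echo "local.conf: no exposed listener"
list_network_sources "$dir/remote.conf" || echo "remote.conf: exposed listener found"
rm -rf "$dir"
```
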

acid_kewpie 09-26-2006 12:25 PM

having something like syslog listening for external ip connections by default makes no sense whatsoever. it's just another security hole if that's the case, as 99.9%+ syslog instances in the world are only for the local host.

bulliver 09-26-2006 05:26 PM

Quote:

gentoo might be run by a bunch of backstabbing hippies,
I see you follow gentoo-dev as well..

