Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-25-2006, 02:53 AM
|
#1
|
Member
Registered: Jun 2003
Distribution: SuSE, Slackware, Gentoo
Posts: 207
Rep:
|
Hardening syslog-ng
I am running syslog-ng as my logging utility on Gentoo and was reading up on how the utility works; it provides a UDP port for remote logging. I am running the system on a laptop that is not part of any network or acting as a server.
My question is this, would it be okay just to disable this in /etc/services or do some local programs need this service up to perform logging correctly?
Also, as an aside, how would I write to the messages file via syslog-ng from the command line (eg. within a bash script.)
|
|
|
09-25-2006, 03:21 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
by default syslog-ng normally only listens locally, on 127.0.0.1. you can check the syslog-ng.conf file yourself to see whichnetworks are being listened to.
|
|
|
09-25-2006, 05:52 AM
|
#3
|
Senior Member
Registered: Nov 2002
Location: British Columbia, Canada
Distribution: Gentoo x86_64; FreeBSD; OS X
Posts: 3,762
Rep:
|
Quote:
Also, as an aside, how would I write to the messages file via syslog-ng from the command line (eg. within a bash script.)
|
man logger
It is part of the 'util-linux' package so should already be installed on a Gentoo system.
|
|
|
09-26-2006, 01:43 AM
|
#4
|
Member
Registered: Jun 2003
Distribution: SuSE, Slackware, Gentoo
Posts: 207
Original Poster
Rep:
|
Thanks Bulliver for the info on logging; this helps alot!
Acid Kewpie,
Thanks for the information regarding networking port access on the syslog-ng utility. I tried checking out syslog-ng.conf but couldn't find any information related to network configuration. (besides chain_hostnames.) I checked out syslog-ng's website and looking at the sample config code, it seems that Gentoo automatically loads the ebuild with network logging disabled.
Code:
options {
chain_hostnames(off);
sync(0);
stats(43200);
};
source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
|
|
|
09-26-2006, 03:45 AM
|
#5
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
yes, in fact while i'm not using gentoo on my work systems, it's their really great documentation that got it set up. gentoo might be run by a bunch of backstabbing hippies, but they do write *very* good documentation.
Last edited by acid_kewpie; 09-26-2006 at 06:03 AM.
|
|
|
09-26-2006, 04:47 AM
|
#6
|
LQ Newbie
Registered: Sep 2006
Location: Germany
Distribution: FreeBSD
Posts: 29
Rep:
|
Is there nothing like this?:
Code:
source s_external {
tcp ( ip(0.0.0.0) port(514) keep-alive(yes));
};
|
|
|
09-26-2006, 01:14 PM
|
#7
|
Member
Registered: Jun 2003
Distribution: SuSE, Slackware, Gentoo
Posts: 207
Original Poster
Rep:
|
Correct, there is no statement in the config file as mentioned above. What I pasted into my last reply is the entire configuration file.
|
|
|
09-26-2006, 01:25 PM
|
#8
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
having something like syslog listening for external ip connections by default makes no sense whatsoever. it's just another security hole if that's the case, as 99.9%+ syslog instances in the world are only for the local host.
|
|
|
09-26-2006, 06:26 PM
|
#9
|
Senior Member
Registered: Nov 2002
Location: British Columbia, Canada
Distribution: Gentoo x86_64; FreeBSD; OS X
Posts: 3,762
Rep:
|
Quote:
gentoo might be run by a bunch of backstabbing hippies,
|
I see you follow gentoo-dev as well..
|
|
|
All times are GMT -5. The time now is 06:45 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|