[642] in linux-security and linux-alert archive
Re: [linux-security] Summary re: syslogd spam
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Thu Mar 28 19:15:53 1996
Date: Thu, 28 Mar 1996 15:03:31 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: Olaf Kirch <okir@monad.swb.de>
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: Your message of Tue, March 19, 1996 21:36:02 +0100
"OK" == Olaf Kirch <okir@monad.swb.de> writes:
OK> There have been quite a number of responses regarding John Betts' message,
OK> which I summarize below.
OK> From: jacob@esisys.com (Jacob Langseth)
> syslogd listens on UDP port 516, and will log what it receives to the
> system logs.
> [mod: It's port 514 anyway --okir]
> ...
> I know of no way to disable it short of filtering it at the network
> level -- you could either set the router for your network to drop
> incoming UDP packets destined for port 516, or enable the firewalling
> code in the linux kernel and have a rule like:
Just an FYI on this subject (since nobody has mentioned it yet)...Greg
Wettstein's sysklogd v1.3--released late last month--has an internal
disable for remote logging. From a beta release's README:
    Very important information before using version 1.3
    ---------------------------------------------------

    The included version of syslogd behaves in a slightly different manner
    to the one in former releases.  Please review the following important
    differences:

    * By default the syslog daemon doesn't accept any message from the
      syslog/udp port.  To enable this add "-r" to the command-line
      arguments.  You _have to_ add this on every host that should run as a
      centralized network log server.

This version is now available at:

    tsx-11.mit.edu:/pub/sources/sbin/sysklogd-1.3.tar.gz

and

    sunsite.unc.edu:/pub/Linux/system/Daemons/sysklogd-1.3.tar.gz

--Up.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | juphoff@bofh.org.uk
Charlottesville, VA, USA | jeff.uphoff@linux.org
PGP key available at: http://www.cv.nrao.edu/~juphoff/
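
A host-side check for the behaviour the README excerpt describes, as an added example that is not part of the original message or of sysklogd: it reports whether a running syslogd was started with "-r" and whether any socket is bound to UDP 514. The function names are hypothetical, the list of option letters that take a value is an assumption from the sysklogd man page, and the socket check assumes a Linux /proc/net/udp table.

```shell
#!/bin/sh
# Added example, not sysklogd code. Assumption: the option letters that take
# a value (-a -f -l -m -p -s) are those listed in the sysklogd man page.

# Return 0 if a syslogd command line enables remote reception ("-r").
# Arguments are walked the way getopt does, so "-dr" counts as "-r" while
# the "r" in "-f /etc/r.conf" or "-fr.conf" does not.
syslogd_remote_enabled() (
    set -f                      # no globbing while splitting the command line
    set -- $1
    if [ $# -gt 0 ]; then shift; fi     # drop the program name
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --)  break ;;
            -?*) flags=${arg#-} ;;
            *)   continue ;;
        esac
        while [ -n "$flags" ]; do
            rest=${flags#?}
            c=${flags%"$rest"}          # first letter of the bundle
            case $c in
                r) exit 0 ;;
                a|f|l|m|p|s)
                    # value is the rest of this token, else the next token
                    if [ -z "$rest" ] && [ $# -gt 0 ]; then shift; fi
                    break ;;
            esac
            flags=$rest
        done
    done
    exit 1
)

# Return 0 if a /proc/net/udp-format table shows a socket bound to local
# port 514 (hex 0202), whichever program owns it.
udp514_bound() {
    awk 'NR > 1 { n = split($2, a, ":"); if (a[n] == "0202") f = 1 }
         END { exit !f }' "${1:-/proc/net/udp}"
}

# Report on the live host: every running syslogd, then the UDP table.
audit_host() {
    ps -eo args= | grep -E '^([^ ]*/)?syslogd( |$)' | while IFS= read -r cmd; do
        state=off; syslogd_remote_enabled "$cmd" && state="ON (-r)"
        echo "remote reception $state: $cmd"
    done
    udp514_bound && echo "a socket is bound to UDP 514"
}
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on the host being checked; without that argument it only defines the functions.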