[55403] in North American Network Operators' Group


Re: Is it time to block all Microsoft protocols in the core?

daemon@ATHENA.MIT.EDU (David Charlap)
Tue Jan 28 15:44:18 2003

Date: Tue, 28 Jan 2003 15:43:08 -0500
From: David Charlap <David.Charlap@marconi.com>
To: Joe Abley <jabley@isc.org>
Cc: Sean Donelan <sean@donelan.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu


Joe Abley wrote:
>
> You're using mixed tense in these sentences, so I can't tell whether you
> think that syslog's network port is open by default on operating systems
> today.
>
> On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I
> happen to have open right now) this is not the case, and has not been
> for some time. I presume, perhaps naïvely, that other operating systems
> have done something similar.

Current versions of Linux appear to be safe.  This is from the syslog
package that ships with RedHat version 8 (sysklogd package version
1.4.1-10).

	NAME
	    sysklogd - Linux system logging utilities.

	...

	OPTIONS
	...
	    -r    This option will enable the facility to receive
	          message from the network using an internet domain
	          socket with the syslog service (see  services(5)).
	          The default is to not receive any messages from
	          the network.

	          This option is introduced in version 1.3 of the
	          sysklogd package.   Please note that the default
	          behavior is the opposite of how older versions
	          behave, so you might have to turn this on.

The default RedHat installation does not turn on this option.

Looking through RedHat's FTP server, their 4.2 distribution (the oldest
one on their server) is at version 1.3-15, and therefore incorporates
this feature.  This release has a README dated 1997, and the sysklogd
package on their server is dated December 1996.

I would assume that other Linux distributions from the same era (1997
through the present) would also have sysklogd version 1.3 or later, and
therefore have this feature.

-- David
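
An added example, not part of the original message: a way to audit a syslogd command line for the -r option quoted from the man page above, parsing options the way getopt does rather than searching for the string "-r". The function names and sample command lines are constructed for illustration, and the option letters are assumed to be those of the sysklogd 1.4.1 syslogd.

```sh
#!/bin/sh
# Option letters assumed from sysklogd 1.4.1's syslogd; a ':' marks an
# option that takes an argument (-a, -f, -l, -m, -p, -s).
SYSLOGD_OPTSTRING='a:df:hl:m:np:rs:vx'

# syslogd_receives_remote ARGS...   (hypothetical helper name)
# Returns 0 if ARGS enable network reception (-r), 1 if they do not,
# 2 if ARGS contain an unknown option or a missing option argument.
syslogd_receives_remote() {
    OPTIND=1
    _sr_remote=1
    while getopts "$SYSLOGD_OPTSTRING" _sr_opt 2>/dev/null; do
        case "$_sr_opt" in
            r)   _sr_remote=0 ;;
            '?') return 2 ;;
        esac
    done
    return "$_sr_remote"
}

# syslogd_cmdline_receives_remote 'syslogd -m 0 -r'
# Same check for a whole command line, e.g. one line of `ps -o args=`.
syslogd_cmdline_receives_remote() {
    set -f                      # no globbing while word-splitting
    set -- $1
    set +f
    if [ $# -gt 0 ]; then shift; fi   # drop the program name
    syslogd_receives_remote "$@"
}

# Constructed sample command lines, not taken from a real host.
for _sr_sample in 'syslogd -m 0' 'syslogd -rm 0' 'syslogd -f -r' 'syslogd -Z'; do
    _sr_rc=0
    syslogd_cmdline_receives_remote "$_sr_sample" || _sr_rc=$?
    case "$_sr_rc" in
        0) _sr_state='receives from network (-r set)' ;;
        1) _sr_state='local only' ;;
        *) _sr_state='unparseable options' ;;
    esac
    printf '%-16s %s\n' "$_sr_sample" "$_sr_state"
done
```

The 'syslogd -f -r' sample is reported as local only because -r is consumed there as the argument of -f, which a plain string match would get wrong.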

