ports/91047: ipsec-tools syslogs at 'daemon.info' which doesn't go anywhere
VANHULLEBUS Yvan
vanhu at netasq.com
Fri Dec 30 10:40:09 UTC 2005
The following reply was made to PR ports/91047; it has been noted by GNATS.
From: VANHULLEBUS Yvan <vanhu at netasq.com>
To: bug-followup at FreeBSD.org, B.Candler at pobox.com
Cc:
Subject: Re: ports/91047: ipsec-tools syslogs at 'daemon.info' which doesn't go anywhere
Date: Fri, 30 Dec 2005 11:34:42 +0100
Hi.
For that specific file permission problem, this is documented in
racoon.conf's man page....
However, sending syslogs to /dev/null (well, that's the result...) by
default is not a good idea for such a daemon !
The best (and quicker) short term solution is probably to patch racoon
to use LOG_SECURITY instead of LOG_DAEMON, here is a quick patch for
that (ready to insert in port's files dir). But be careful about
setting racoon in debug mode after that, you may really have *lots* of
messages then !!!
A better mid-term solution will probably be to allow such parameters
to be configured in racoon.conf, I'll do that for a future major
version (0.7 ?) of ipsec-tools.
I'll also try to improve racoon's reaction when having such a weak psk
file (send a more explicit message in debug ? refuse to start ? read
anyways the file but send explicit warnings ?).
Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
Content-Disposition: attachment; filename="patch-racoon-plog.c"
--- src/racoon/plog.c.orig Fri Dec 30 11:28:03 2005
+++ src/racoon/plog.c Fri Dec 30 11:28:18 2005
@@ -224,7 +224,7 @@ ploginit()
return;
}
- openlog(pname, LOG_NDELAY, LOG_DAEMON);
+ openlog(pname, LOG_NDELAY, LOG_SECURITY);
}
void
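Review bot: The added `openlog(pname, LOG_NDELAY, LOG_SECURITY);` line in ploginit() hard-codes a facility that not every platform's syslog.h defines, so this is fine as a port-local patch in the FreeBSD files dir but would break the build elsewhere if taken upstream unchanged. For an upstream version, guard it with `#ifdef LOG_SECURITY` and fall back to `LOG_DAEMON`. Because the facility applies to every priority racoon emits, debug-level output will also go to the security log, so a short comment next to the call, or a note in the port's message, should tell administrators to expect that volume when debug mode is enabled.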