LOG_AUTHPRIV and the default syslog.conf
Yar Tikhiy
yar at freebsd.org
Tue Apr 1 08:12:41 PST 2003
Hello,
Some time ago I wrote PR conf/48170, which discussed
the following problem:
Syslog messages of facility LOG_AUTHPRIV and priority LOG_NOTICE
(or higher) are sent by default to the world-readable log file
/var/log/messages. That seems unacceptable since the facility
LOG_AUTHPRIV is for hiding sensitive log messages inside a protected
file, e.g., /var/log/auth.log.
For example, login(1) and ftpd(8) send messages about invalid
login attempts to LOG_AUTHPRIV|LOG_NOTICE, which makes sense
because:
a) a username attempted may happen to be a password typed at a wrong prompt;
b) an invalid login attempt is a thing to notice, so LOG_NOTICE is justified.
The following patch was proposed:
Index: syslog.conf
===================================================================
RCS file: /home/ncvs/src/etc/syslog.conf,v
retrieving revision 1.23
diff -u -r1.23 syslog.conf
--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23
+++ syslog.conf 11 Feb 2003 11:39:55 -0000
@@ -6,7 +6,7 @@
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit /dev/console
-*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
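Review bot: the added authpriv.none on the /var/log/messages line carries no comment, so a later editor cannot tell from the file why it is there or that it has to stay after "*.notice" to take effect. A one-line comment above that line, saying authpriv is kept out of this file and goes to /var/log/auth.log instead, would document the intent. The unchanged "*.err" selector on the /dev/console line still matches authpriv at err and above; the commit message should say whether that is intended. Nothing is dropped from the protected log, since the context line "auth.info;authpriv.info /var/log/auth.log" still receives these messages.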
===================================================================
Since my PR has received no feedback, I'd like to discuss the above
problem here before committing my patch. Have I overlooked any
complications?
--
Yar
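
Added example, not part of the original message and not FreeBSD's syslogd code: a small Python evaluator for the selector fields in the patch above, showing where an authpriv.notice message lands before and after the change. It assumes the simplified rule that fields apply left to right with the last applicable field winning, and ignores comparison flags, level aliases and program/host blocks; the function names and the two sample configs (constructed from the diff's lines) are assumptions.

```python
# Added example: simplified syslog.conf selector evaluation (not syslogd's code).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_matches(selectors, facility, level):
    """True if a message of facility/level is selected by a ';'-separated list.

    Fields apply left to right; the last field naming the facility (or '*')
    wins, which is why 'authpriv.none' must follow '*.notice'.
    Assumption: no comparison flags (=, !, <, >) and no level aliases.
    """
    matched = False
    for field in selectors.split(";"):
        facs, _, lvl = field.strip().rpartition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue
        if lvl == "none":
            matched = False
        elif lvl == "*":
            matched = True
        else:  # a level selects itself and everything more severe
            matched = LEVELS.index(level) <= LEVELS.index(lvl)
    return matched

def destinations(conf_text, facility, level):
    """List the actions (files, devices) that would receive the message."""
    out = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.lstrip().startswith("#"):
            if selector_matches(parts[0], facility, level):
                out.append(parts[1].strip())
    return out

# Constructed sample configs, built from the lines visible in the diff.
COMMON = """security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
mail.info /var/log/maillog
"""
CONSOLE = "*.err;kern.debug;auth.notice;mail.crit /dev/console\n"
BEFORE = CONSOLE + "*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages\n" + COMMON
AFTER = CONSOLE + "*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages\n" + COMMON

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        print(name, destinations(conf, "authpriv", "notice"))
```

The same function can be pointed at a real /etc/syslog.conf to list every action that receives authpriv at a given level, which can then be compared against the permissions of those files.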