LOG_AUTHPRIV and the default syslog.conf
D J Hawkey Jr
hawkeyd at visi.com
Wed Apr 2 05:02:48 PST 2003
> At 08:11 PM 4/1/2003 +0400, Yar Tikhiy wrote:
> >The following patch was proposed:
> >
> >Index: syslog.conf
> >===================================================================
> >RCS file: /home/ncvs/src/etc/syslog.conf,v
> >retrieving revision 1.23
> >diff -u -r1.23 syslog.conf
> >--- syslog.conf 21 Sep 2002 12:07:35 -0000 1.23
> >+++ syslog.conf 11 Feb 2003 11:39:55 -0000
> >@@ -6,7 +6,7 @@
> > # may want to use only tabs as field separators here.
> > # Consult the syslog.conf(5) manpage.
> > *.err;kern.debug;auth.notice;mail.crit /dev/console
> >-*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
> >+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err
> >/var/log/messages
> > security.* /var/log/security
> > auth.info;authpriv.info /var/log/auth.log
> > mail.info /var/log/maillog
> >===================================================================
> >
> >Since my PR has received no feedback, I'd like to discuss the above
> >problem here before committing my patch. Have I overlooked any
> >complications?
On Apr 02, at 07:46 AM, Mike Tancsa top-posted:
>
> I like the change and I dont think it would adversely affect any sites.
>
> ---Mike
FWIW, long ago, I set one of mine up as:
*.err;authpriv.none /dev/console
*.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages
security.*;local0.*;authpriv.* /var/log/security
I must have been thinking the same thing Yar does WRT authpriv and
/var/log/messages.
Note that I also added local0, for ipmon(8); is it too late to
consider this hack as well as Yar's?
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd at visi.com /\________________/
http://www.visi.com/~hawkeyd/
More information about the freebsd-security
mailing list