LOG_AUTHPRIV and the default syslog.conf
D J Hawkey Jr
hawkeyd at visi.com
Wed Apr 2 05:48:00 PST 2003
On Apr 02, at 05:36 PM, Yar Tikhiy wrote:
>
> On Wed, Apr 02, 2003 at 07:02:44AM -0600, D J Hawkey Jr wrote:
> >
> > FWIW, long ago, I set one of mine up as:
> >
> > *.err;authpriv.none /dev/console
> > *.notice;auth.info;kern.debug;security.none;local0.none;authpriv.none /var/log/messages
> > security.*;local0.*;authpriv.* /var/log/security
> >
> > I must have been thinking the same thing Yar does WRT authpriv and
> > /var/log/messages.
> >
> > Note that I also added local0, for ipmon(8); is it too late to
> > consider this hack as well as Yar's?
>
> Today's style is to send messages from packet filters to
> /var/log/security, and from authenticating functions to /var/log/auth.log.
No disagreement. This is what I do with local0, and it's just my own
preference to "depreciate" auth.log (which I don't advocate as policy).
> Additionally I think it would be poor style to use local0 in the
> default syslog.conf since local* should be left for site-specific
> purposes.
I agree completely, but...
> Therefore I'd suggest changing src/sbin/ipmon/Makefile
> so that it will add ``-DLOGFAC=LOG_SECURITY'' to CFLAGS, and syncing
> ipmon.8; so ipmon(8) would behave consistently with the rest of the
> system.
...I didn't know about that define! I try to leave /usr/src alone, but
if a committer did this, I'd be all for it.
I hereby revoke my request.
> Yar
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd at visi.com /\________________/
http://www.visi.com/~hawkeyd/
More information about the freebsd-security
mailing list