Install-time "hardening" options
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Oct 12 21:32:18 UTC 2017
In message <21945e9b-6573-5f8d-9b6d-26bbb8bfd748 at sentex.net>,
Mike Tancsa <mike at sentex.net> wrote:
>> (*) Disable opening Syslogd network socket (disables remote logging)
>Is not the default -s and this options makes it -ss. "disable remote
>logging" as in the host you are configuring cannot send out messages to
>other syslogd servers.
Was that a question or a statement?
If you are assering that indeed, yes, star'ing this specific "hardening"
option just causes the local machine to -not- send -outbound- syslog
messages, then certainly, that is indeed a horse of a different color
from what I was talking about, which was -accepting- -inbound- syslog
At the very least, the wording on this option should be clarified to
make it apparent if the thing being disabled in this case is inbound
syslog messages or outbound ones.
More information about the freebsd-questions