Install-time "hardening" options

Matthew Seaman matthew at FreeBSD.org
Fri Oct 13 06:53:44 UTC 2017


On 12/10/2017 22:32, Ronald F. Guilmette wrote:
> 
> In message <21945e9b-6573-5f8d-9b6d-26bbb8bfd748 at sentex.net>, 
> Mike Tancsa <mike at sentex.net> wrote:
> 
>>> (*)  Disable opening Syslogd network socket (disables remote logging)
>>
>> Is not the default -s and this option makes it -ss. "disable remote
>> logging" as in the host you are configuring cannot send out messages to
>> other syslogd servers.
> 
> Was that a question or a statement?
> 
> If you are asserting that indeed, yes, star'ing this specific "hardening"
> option just causes the local machine to -not- send -outbound- syslog
> messages, then certainly, that is indeed a horse of a different color
> from what I was talking about, which was -accepting- -inbound- syslog
> messages/packets.
> 
> At the very least, the wording on this option should be clarified to
> make it apparent if the thing being disabled in this case is inbound
> syslog messages or outbound ones.

syslogd -ss disables any sort of syslog transmission over the network,
in either direction.  All you can do is write to local files or (the
little used facility to) pipe syslog into an application.

	Cheers,

	Matthew

