[syslog-ng]Security and Integrity support?
William Yodlowsky
wyodlows@andromeda.rutgers.edu
Tue, 28 Nov 2000 21:15:20 -0500
On Wed, Nov 29, 2000 at 02:35:44AM +0100, Gregor Binder wrote:
> William Yodlowsky on Tue, Nov 28, 2000 at 07:35:42PM -0500:
>
> > Could it perhaps link to TCP Wrappers' libwrap instead?
>
> I agree. I think having to maintain packet filter configurations for
> every system that serves a critical function is a bit much. Plus, the
> wrappers are supported on and the configuration is portable to many
> UNIX systems. Also, some commercial UNIX systems are not shipped with
> packet filtering capabilities.
That's what I had in mind :-)
> When I suggested this to Balazs, he correctly said that tcp PARANOID
> checking could easily DoS your nameserver when it is used to control
> access to your syslog/udp.
Ah, a good point. IMHO a warning during the configure phase and a
blurb in INSTALL would be enough, though. I haven't been on this list
very long, but I would hope people replacing their syslogd would at
least read INSTALL :)
> You could also produce nice effects by logging access to the syslog
> port to a remote machine, which in turn for security reasons sends all
> network access information to you as a replication means :)
I dare say I was thinking about that too...
> I still think it would be really nice to have, especially because it's
> portable, well tested and I believe lots of people still use it for
> non-firewall machines. I do :)
I second the motion!