Gerd Bitzer
On Thu, 01 Mar 2001 13:09:13 +0100, you wrote:
Hi List,
Does anybody know a secure drop-in replacement for the standard syslogd which supports libwrap-style ACLs?
Ummm, there are several (try securityportal.com: there's at least one article about that); I don't know if they support libwrap. I'd recommend using the standard syslogd with some ACLs in your router, since other replacements aren't standard and you won't be able to, for instance, receive logs from other boxes (routers, switches, load-balancers, etc).
Hmm, I know the page on securityportal.com; the daemons there are quite interesting, as they implement such things as syslog over TCP or even over SSL. But that's a little bit oversized for my needs.
Standard syslog goes over UDP and is not encrypted. It's easy to defeat if you don't set the appropriate fw rules (router ACLs, e.g.). I had a look at some alternatives some time ago but none of them convinced me. Many of them were not mature enough and I decided to leave the original syslogd.
There's an alternate rpcbind daemon from Wietse Venema which implements such libwrap-based ACLs for RPC, which makes sense in my opinion, but I haven't found an adequate, simple drop-in syslogd :-(
What would be a "secure" replacement? Why is syslog not secure? Answer: because it relies on UDP. Now, you should simply use something that does not rely on UDP to transport log messages. But then, it isn't a drop-in replacement, is it? That's kinda fsck'd .. What I would do is block UDP traffic in general (with a few exceptions) at the border router or firewall, so I don't have people sending UDP traffic into my network. If I needed to carry UDP traffic through an untrusted network, then I'd rely on VPN technology. But, *at least* I'd block UDP traffic on the syslog port at the border routers... And then, I'd ignorantly continue to use standard syslogd :-)
Cheers
chris
Maybe anybody in this list does have knowledge about such a beast ;-)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
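The libwrap-style ACL asked about in the thread, sketched as an added example for a UDP syslog receiver (not code from any poster or from an existing syslogd). It implements only a subset of hosts_access(5) client patterns; the daemon name "syslogd" and all rules and addresses are constructed assumptions.

```python
# Added illustration: hosts_access(5)-style check for a UDP syslog receiver.
# The daemon name "syslogd" and all rules/addresses below are constructed.
import ipaddress

def client_matches(pattern, addr):
    """Match one client pattern against a source IP (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                 # prefix form, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                        # net/mask form, e.g. 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr                    # exact address

def rule_matches(rule, daemon, addr):
    """A rule is 'daemon_list : client_list', items separated by commas/spaces."""
    daemons, _, clients = rule.partition(":")
    dl = daemons.replace(",", " ").split()
    cl = clients.replace(",", " ").split()
    if daemon not in dl and "ALL" not in dl:
        return False
    return any(client_matches(p, addr) for p in cl)

def access_allowed(allow, deny, daemon, addr):
    """libwrap order: allow match grants, else deny match refuses, else grant."""
    if any(rule_matches(r, daemon, addr) for r in allow):
        return True
    if any(rule_matches(r, daemon, addr) for r in deny):
        return False
    return True

def filter_datagrams(datagrams, allow, deny, daemon="syslogd"):
    """Keep only (source_ip, message) pairs whose source passes the ACL."""
    return [(src, msg) for src, msg in datagrams
            if access_allowed(allow, deny, daemon, src)]

# Constructed sample: a router and a log host are allowed, everything else denied.
ALLOW = ["syslogd: 192.168.1., 10.0.0.0/255.255.255.0"]
DENY = ["ALL: ALL"]
SAMPLE = [
    ("192.168.1.1", "<134>router: link up"),
    ("10.0.0.7", "<38>sshd[411]: session opened"),
    ("203.0.113.9", "<13>fake: noise from outside"),
]

if __name__ == "__main__":
    for src, msg in filter_datagrams(SAMPLE, ALLOW, DENY):
        print(src, msg)
```

The check sees only the source address carried in each UDP datagram, so it complements the router ACLs recommended in the thread and does not replace them.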