
Re: Syslog config file.



On Wed, Dec 05, 2001 at 09:00:57AM +0100, Robert Magier wrote:
> On Wed, 5 Dec 2001, Yotam Rubin wrote:
> 
> > Nothing, it's a runtime argument. When invoking syslogd, use the -f
> > argument to specify an alternative configuration file. This is documented in
> > the man page.
> >
> > 	Regards, Yotam Rubin
> >
> 
> Yes, I know it is a runtime argument, but if you don't set this, and just
> type
> syslogd, /etc/syslog.conf will be loaded by default.
> This is what I want to change.
> For example, I want my syslog to forward all logs to another server, but I
> don't want anyone who would compromise my system to get to know it too easily.

    A simple 'grep syslog\.conf' in the source tree revealed that the default
configuration file path is contained in paths. This does not provide any 
sort of protection. The intruder can strace syslogd and determine which 
file it opens. I'm against this sort of "security", but you can try to obscure
the configuration file location in the following manner: 
Create a wrapper script which copies the real configuration file to some
temporary location, e.g. /tmp/zaboo.conf. Invoke syslogd in the wrapper 
specifying the temporary configuration file. After syslogd detaches, remove the 
temporary configuration file. Of course, you need to obscure the location of
the wrapper, so this is an endless game, unless you add some non-standard 
ACL features to your kernel.

	Regards, Yotam Rubin

> 
> 
> --
> Robert Magier
> 
> 
> 
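
The wrapper described in the reply above, as an added sketch that is not part of the original message. It replaces the fixed /tmp/zaboo.conf with an unpredictable, owner-only file from mktemp, so the copy cannot be pre-created or symlinked by another local user. The SYSLOGD variable and the function name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# SYSLOGD (path of the daemon binary) and the function name are assumptions.
SYSLOGD="${SYSLOGD:-/sbin/syslogd}"

# start_syslogd_from_copy REAL_CONF
# Copy REAL_CONF to a throwaway file, start the daemon with -f pointing at
# the copy, then remove the copy. Returns the daemon's exit status.
start_syslogd_from_copy() {
    real_conf=$1
    [ -r "$real_conf" ] || { echo "cannot read $real_conf" >&2; return 1; }

    # A fixed name in /tmp can be pre-created or symlinked by any local user.
    # mktemp creates the file atomically under a random name; umask 077
    # keeps it unreadable to other accounts while it exists.
    old_umask=$(umask)
    umask 077
    tmp_conf=$(mktemp "${TMPDIR:-/tmp}/conf.XXXXXXXXXX") || {
        umask "$old_umask"
        return 1
    }
    umask "$old_umask"

    if ! cat "$real_conf" > "$tmp_conf"; then
        rm -f "$tmp_conf"
        return 1
    fi

    # Assumption: the foreground process returns only after the daemon has
    # detached and read its configuration, as the post's step requires.
    "$SYSLOGD" -f "$tmp_conf" && status=0 || status=$?

    # Remove the copy whether or not the daemon started.
    # Caveat: syslogd re-reads its configuration file on SIGHUP, so a later
    # reload will no longer find this path.
    rm -f "$tmp_conf"
    return "$status"
}

# Usage (as root), with a hypothetical location for the real file:
#   start_syslogd_from_copy /root/real-syslog.conf
```

As the reply says, this hides nothing from someone who can trace the daemon or read the wrapper; it only keeps the forwarding rule out of the default path.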


