Re: server log centalized

To: debian-user@lists.debian.org
Subject: Re: server log centalized
From: Pol Hallen <deben@fuckaround.org>
Date: Mon, 15 Jul 2013 20:00:07 +0200
Message-id: <[🔎] 51E438A7.7010903@fuckaround.org>
In-reply-to: <[🔎] 20130715144828.GA19958@tuzo>
References: <[🔎] 201307151518.52388.ml@fuckaround.org> <[🔎] 20130715144828.GA19958@tuzo>

> Article about using stunnel with rsyslog
> http://freecode.com/articles/ssl-encrypting-syslog-with-stunnel

hello again :-)

I've setup a server log centralized following the above link (and
thanks). Whole connections fly on vpn.

I also read:

>Preventing Systems from Talking Directly to the rsyslog Server
>It is possible for remote systems (or attackers) talk to the rsyslog
>server by directly connecting to its port 61514. Currently, rsyslog
>does not offer the ability to bind to the local host only. This
>feature is planned, but as long as it is missing, rsyslog must be
>protected via a firewall. This can easily be done via, for example,
>iptables. Just be sure not to forget it.

So, to protect my self about the hackers attempts, I need only close
61514 port of centralized log server?

If an attacker has root access on a client, can talking with syslogd
centralized log server?

If yes, how I protect that server?

thanks!

Pol

Reply to:

Follow-Ups:
- Re: server log centalized
  - From: Stan Hoeppner <stan@hardwarefreak.com>

References:
- server log centalized
  - From: Pol Hallen <ml@fuckaround.org>
- Re: server log centalized
  - From: Sean Alexandre <sean@alexan.org>

Prev by Date: which package is involed for this bug ?
Next by Date: What's with the blue overlining in text consoles? [SOLVED]
Previous by thread: Re: server log centalized
Next by thread: Re: server log centalized
Index(es):
- Date
- Thread