hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-12-18 05:53:36 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

HBSD: Default deny remote connections for syslogd

Browse Source 
Add a second -s flag by default to ensure syslogd does not establish
remote connections. Users who have configured syslogd to send logs to a
remote location will now need to override syslogd_flags in their
rc.conf{.local}.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
issue:		#111
MFC-to:		14-STABLE
This commit is contained in:
Shawn Webb 2024-12-17 03:00:06 +00:00
parent 0d583d66ba
commit 50ed55c154
No known key found for this signature in database
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libexec/rc/rc.conf
View File

@ -299,7 +299,7 @@ hostapd_program="/usr/sbin/hostapd"
hostapd_enable="NO" # Run hostap daemon.
syslogd_enable="YES" # Run syslog daemon (or NO).
syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
syslogd_flags="-s" # Flags to syslogd (if enabled).
syslogd_flags="-s -s" # Flags to syslogd (if enabled).
syslogd_oomprotect="YES" # Don't kill syslogd when swap space is exhausted.
altlog_proglist="" # List of chrooted applicatioins in /var
inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).