mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-16 15:44:04 +01:00
3548606371
found that my syslogd is now running them for several months... Add an option to syslogd to restrict the IP addresses that are allowed to log to this syslogd. It's too late to develop the inter-syslogd communications protocol mentioned in the BUGS section, some 10 years too late. Thus, restricting the IP address range is about the most effective change we can do if we want to allow incoming syslog messages at all. IMHO, we should encourage the system administrators to use this option, and thus provide a knob in /etc/rc.* for it, defaulting to -a 127.0.0.1/32 (just as a hint about the usage). Please state opinions about whether to merge this change into 2.2 or not (i've got it running on RELENG_2_2 anyway). |
||
---|---|---|
.. | ||
Makefile | ||
pathnames.h | ||
syslog.conf.5 | ||
syslogd.8 | ||
syslogd.c |