Subject: syslog && LOG_AUTHPRIV
To: None <current-users@netbsd.org>
From: Luke Mewburn <lm@melb.cpr.itg.telecom.com.au>
List: current-users
Date: 10/18/1994 15:00:24
The current version of syslogd (from 4.4BSD-lite?) has a facility
level `authpriv' - which is supposed to be like auth.* but only log to
a secure file (i.e, one that has perms of 600).
Unfortunately, the current syslog.conf doesn't support the use of
this, which means you often get messages in /var/log/messages like:
4 login failures from foo.bar.com
4 login failures from foo.bar.com, ner
The latter message shouldn't appear in a world readable file...
The solution is to change syslog.conf so that it looks something like:
*.err;kern.debug;auth.notice;authpriv.none /dev/console
*.notice;kern.debug;lpr,auth.info;authpriv.none /var/log/messages
authpriv.info /var/log/secure
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.info /var/cron/log
*.notice;auth.debug root
*.emerg *
(So that *.notice for /var/log/messages explicitly ignores any
authpriv stuff, and authpriv stuff goes to /var/log/secure, which has
permissions like 600...)
If you do this, don't forget to change /etc/newsyslog.conf so that
/var/log/secure gets rotated similar to /var/log/messages, but of
course, the backup files get perms of 600...
PS: files like wtmp, messages, and maillog should get a default
install permission of 600 not 664... Maybe the mtree stuff in
/usr/src/etc needs hacking for this too...
--
Luke Mewburn, <lm@cpr.itg.telecom.com.au>
`Think of it as Evolution in Action.' - "Oath of Fealty", Niven & Pournelle