Re: Syslog - doubt - Steven Smith

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Steven Smith <sos22@cam.ac.uk>
To: linux-newbie@vger.kernel.org
Subject: Re: Syslog - doubt
Date: Wed, 5 Jun 2002 19:51:58 +0100	[thread overview]
Message-ID: <20020605185158.GA749@cam.ac.uk> (raw)
In-Reply-To: <200206051714.g55HE8u18108@cs.annauniv.edu>

[-- Attachment #1: Type: text/plain, Size: 1067 bytes --]

> If someone executes this program repeatedly
> of from a loop, syslog would become too large.
> Is something wrong?  Can access to syslog
> be restrcted?
Good question. I can't see any ways to limit the rate at which
a given user can send messages, and the sysklogd man page lists this as
a flaw in the current implementation. This is somewhat worrying.

On the other hand, you can quite easily prevent certain users from
logging any messages at all, if you only log messages from the local
machine. syslogd listens on a Unix socket, usually /dev/log, for incoming
messages, and if a user doesn't have write permission on that socket,
they can't put anything in the syslog. So, what I would do is this:

1) Create a new group called logging
2) Place all of the users and services which need to make entries in the
   syslog in this group
3) chgrp logging /dev/log
4) chmod o-rw /dev/log

Of course, this doesn't help if you use network logging as well. The
easiest way of restricting this is probably using the kernel packet
filters.

Steven Smith,
sos22@cam.ac.uk.

[-- Attachment #2: Type: application/pgp-signature, Size: 232 bytes --]

     prev parent reply	other threads:[~2002-06-05 18:51 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-06-05 15:32 Syslog - doubt Suriya Narayanan M S
2002-06-05 18:41 ` Jos Lemmerling
2002-06-05 18:51 ` Steven Smith [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20020605185158.GA749@cam.ac.uk \
    --to=sos22@cam.ac.uk \
    --cc=linux-newbie@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.