From: Peter Pentchev (roam_at_ringlet.net)
Date: Sat Dec 14 2002 - 09:58:53 CST


    On Sat, Dec 14, 2002 at 12:14:42PM +0100, Erwan Breton wrote:
    > Hi,
    >
    > Since I have activated the firewall on my box, I have many kernel log
    > messages in my security check output every night. The problem is, I no
    > longer see interesting messages like bad login.
    >
    > athena kernel log messages:
    [snip ipfw log messages]
    >
    > main# uname -a
    > FreeBSD 4.7-STABLE #10: Thu Nov 28 19:00:13 CET 2002
    > I just activated the firewall (I think :o) )
    >
    > If you need more conf (like syslog.conf), tell me.
    >
    > Thanks for ideas and answers.

    What exactly is the problem: that those messages are hiding the rest of
    the information in your logfiles? You can easily turn ipfw logging off:
    it is currently logging verbosely because of one of two reasons - either
    you have an 'option IPFIREWALL_VERBOSE' in your kernel config file, or
    you have 'firewall_logging="yes"' in your /etc/rc.conf file.

    To turn ipfw logging off, either remove the firewall_logging="yes" line
    from /etc/rc.conf, or add a net.inet.ip.fw.verbose=0 line to
    /etc/sysctl.conf. Both of these will take effect upon your next reboot,
    when the startup scripts reread the configuration; if you want to turn
    off the verbose ipfw logging right now, issue the following command:

            sysctl net.inet.ip.fw.verbose=0

    Of course, neither of these will help if you have explicitly requested
    logging in one of your firewall rules: examine your firewall
    configuration and see if any of the rules has the 'log' keyword.

    All this said, there is another option for having your cake and eating
    it, too: instructing syslog.conf to send ipfw log messages to another
    location. According to the ipfw manual page, the 'log' keyword causes
    ipfw to send kernel.security syslog messages; you could redirect those
    to a separate file, so that they do not interfere with your normal
    logging.

    Hope this helps :)

    G'luck,
    Peter

    -- 
    Peter Pentchev	roamringlet.net	roamFreeBSD.org
    PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
    Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
    Thit sentence is not self-referential because "thit" is not a word.
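
The checks described in the reply above, as an added example that is not part of the original message: a small POSIX shell helper that reports which of the named settings (kernel option, rc.conf, sysctl.conf, or a rule with the 'log' keyword) is responsible for ipfw logging. The function names are hypothetical, and the files are passed as arguments so the checks can be run against copies of the kernel config, /etc/rc.conf, /etc/sysctl.conf and saved `ipfw list` output.

```shell
#!/bin/sh
# Added example (not from the original message); function names are hypothetical.

# True if the kernel config enables verbose ipfw logging. Accepts both the
# 'option' and 'options' spellings; IPFIREWALL_VERBOSE_LIMIT must not match.
kernel_verbose() {
    grep -Eq '^[[:space:]]*options?[[:space:]]+IPFIREWALL_VERBOSE([[:space:]]|$)' "$1"
}

# True if the last firewall_logging assignment in rc.conf is "yes" (any case).
rc_logging_enabled() {
    val=$(sed -n 's/^[[:space:]]*firewall_logging=//p' "$1" |
          tail -n 1 | tr -d "\"'" | tr 'A-Z' 'a-z')
    case "$val" in
        yes*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Print the last net.inet.ip.fw.verbose value set in sysctl.conf, if any.
sysctl_conf_verbose() {
    sed -n 's/^[[:space:]]*net\.inet\.ip\.fw\.verbose=\([0-9]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print every rule that carries the 'log' keyword as a separate word.
# These rules keep logging even when verbose logging is turned off.
rules_with_log() {
    awk '!/^[[:space:]]*#/ {
             for (i = 1; i <= NF; i++) if ($i == "log") { print; next }
         }' "$1"
}

# One line per finding: args are kernel config, rc.conf, sysctl.conf, rules.
ipfw_logging_sources() {
    kernel_verbose "$1" && echo "kernel: IPFIREWALL_VERBOSE is set"
    rc_logging_enabled "$2" && echo "rc.conf: firewall_logging is yes"
    v=$(sysctl_conf_verbose "$3")
    [ -n "$v" ] && echo "sysctl.conf: net.inet.ip.fw.verbose=$v"
    n=$(rules_with_log "$4" | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] && echo "rules: $n rule(s) use the log keyword"
    return 0
}
```
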
    
