
syslogd udp port



I remember asking how to stop syslogd opening udp port 514 a while ago and never doing anything about it; here goes again...

hopefully a relevant part of /etc/rc

echo 'starting system logger'
rm -f /dev/log
if [ "X${named_flags}" != X"NO" ]; then
        rm -f /var/named/dev/log
        syslogd_flags="${syslogd_flags} -a /var/named/dev/log"
fi
if [ -d /var/empty ]; then
        rm -f /var/empty/dev/log
        mkdir -p -m 0555 /var/empty/dev
        syslogd_flags="${syslogd_flags} -a /var/empty/dev/log"
fi
syslogd ${syslogd_flags}

if [ X"${pf}" != X"NO" -a X"${pflogd_flags}" != X"NO" ]; then
        if ifconfig pflog0 >/dev/null 2>&1; then
                ifconfig pflog0 up
                pflogd ${pflogd_flags}
        fi
fi

my /etc/rc.conf

syslogd_flags=                # add more flags, ie. "-u -a /chroot/dev/log"

output from command: netstat -p udp -an

Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp        0      0  *.514                  *.*

reading the man page doesn't really answer why there is a program listening on udp 514, seeing as I haven't passed syslogd the -u switch

-u      Select the historical ``insecure'' mode, in which syslogd will
         accept input from the UDP port.  Some software wants this, but
         you can be subjected to a variety of attacks over the network,
         including attackers remotely filling logs.

can anyone point me in the right direction so this annoying behaviour stops?
also, is there a switch for netstat which shows the pid/process for each listening port?


thanks in advance

poncenby
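An added audit script, not part of poncenby's post and not OpenBSD's own code: it pulls the wildcard-bound UDP ports out of a `netstat -p udp -an` listing and checks whether the syslogd command line carries -u, so the bound port and the flag can be compared on a host. The netstat and ps lines it parses are constructed samples.

```sh
#!/bin/sh
# Added audit example, not code from the original post or from OpenBSD.
# Parses a `netstat -p udp -an` listing for wildcard-bound UDP ports and
# checks whether the syslogd command line carries -u. Sample inputs are
# constructed here so the script runs offline; on a real host feed it
# the live output of `netstat -p udp -an` and `ps -axo command`.

# Constructed sample of `netstat -p udp -an` output.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp        0      0  *.514                  *.*
udp        0      0  127.0.0.1.123          *.*
udp        0      0  *.53                   *.*'

# Constructed sample of the syslogd command line as ps would print it.
SAMPLE_PS='syslogd -a /var/named/dev/log -a /var/empty/dev/log'

# Print the port of every UDP socket bound to the wildcard address (*.port).
wildcard_udp_ports() {
    printf '%s\n' "$1" |
        awk '$1 == "udp" && $4 ~ /^\*\./ { sub(/^\*\./, "", $4); print $4 }'
}

# Succeed (exit 0) only if "-u" appears as its own argument on the command line.
syslogd_accepts_udp() {
    printf '%s\n' "$1" |
        awk '{ for (i = 2; i <= NF; i++) if ($i == "-u") found = 1 }
             END { exit !found }'
}

# Report on udp/514: 0 = not bound, 1 = bound but -u absent, 2 = bound with -u.
audit_syslog_port() {
    if wildcard_udp_ports "$1" | grep -qx 514; then
        if syslogd_accepts_udp "$2"; then
            echo "udp/514 bound and syslogd runs with -u: remote hosts can write to the logs"
            return 2
        fi
        echo "udp/514 bound but syslogd runs without -u"
        return 1
    fi
    echo "udp/514 not bound"
    return 0
}

audit_syslog_port "$SAMPLE_NETSTAT" "$SAMPLE_PS"
echo "exit status: $?"
```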