Hello People,
I have an interesting problem here, and would welcome any comments. Please
note I have applied patch3 to the DUX 4.0D box I am talking about.
It appears that someone, somewhere in Digital thought that it would be a
good idea to make a secure version of syslog to prevent Denial Of Service
(DOS) attacks. Unfortunately this is going to cause us excessive grief.
The scenario is as follows:
We have a fairly flat network topology: 8 POPs plus one central site.
Connected to these sites are currently 2500+ routers, growing to 3500+
routers. These routers syslog to our unix administration host. Now you can
probably see the problem, implementing /etc/syslog.auth is not an acceptable
option.
As a router has multiple interfaces with multiple IP addresses, to collapse
this information I would have to make a logging-source address config on
these routers, not an acceptable answer. Furthermore, entering, and
maintaining several thousand /etc/syslog.auth entries is not my idea of
fun.
Now I noticed when running syslogd in debug mode, it looked for a null
length file called /etc/syslog.auth. I am trying to avoid rebuilding another
server to test this, and I cannot afford to lose the logging information I
am currently collecting, so I need to know if anyone knows if I do:
    mknod /etc/syslog.auth        (create a null length file)
Will this disable security checking on SYSLOGD? Or am I going to have to
download (unless I can extract it from Digital) the syslogd.c and compile my
own daemon.
Does anyone have any good doco on syslog? The stuff in the DUX 4.0D kit and
website is pretty thin.
I have placed this call with Sydney CSC, and am waiting on an answer. Any
comments would be greatly appreciated.
Guy R. Loucks
Unix Systems Administrator
Networks Branch
NSW Department of Education & Training
Information Technology Bureau
Direct +61 2 9950 1887
Fax +61 2 9950 1600
Mobile +61 (0)18 041 186
Email guy.loucks_at_det.nsw.edu.au
Received on Thu Mar 25 1999 - 05:31:07 NZST