syslogd/klogd problem - reseni

Pavel Kankovsky peak na argo.troja.mff.cuni.cz
Pondělí Prosinec 20 20:12:11 CET 1999


On Mon, 20 Dec 1999, Dalibor Toman wrote:

> problem vznikne celkem logicky po te co syslogd dostane HUP signal.
> Cili je nutne po restartu syslogd pri rotaci logu jeste nakopnout
> klogd. Zajimave je ze ve starsich verzich (RH 4.2) jsem nic podobneho
> nepozoroval.

Tentokrat to neni vlastnost, ale chyba. Aktualizace sysklogd jest
doporucovana ctyrmi z peti odborniku na Linux. :)

<citat>
Date: Sun, 19 Dec 1999 13:04:42 -0500
From: David F. Skoll <dfs na ROARINGPENGUIN.COM>
To: BUGTRAQ na SECURITYFOCUS.COM
Subject: More on Red Hat 6.1 sysklogd
 
Red Hat has a security advisory at
http://www.redhat.com/support/errata/RHSA1999055-01.html detailing a
DoS attack against syslogd.
 
There is an even more compelling reason to upgrade:  After my logs were
rotated, I noticed that the background chatter of script kiddies probing
my firewall ceased.  It turns out that when syslogd is sent a HUP
signal, it closes and recreates the /dev/log socket.  If this is a
stream socket, then klogd (the daemon responsible for forwaring kernel
log messages) fails.
 
Basically, after your logs are rotated, all kernel log messages are
lost.  Update your syslogd now.
....
</citat>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."



Další informace o konferenci Linux