Getting install log on a remote machine
Klaus Steden
klaus.steden at thomson.net
Wed Aug 10 17:49:53 UTC 2005
> >What about a dual-pronged approach? The first being updating Anaconda to
> >support the syslog API, the second being to provide a 'logger' command in
> >bootstrap that can be called by kickstart itself, like the one used on
> >FBSD,
> >like this:
> >
> > logger -t kickstart -p local7.warn @loghost \
> > "Could not find /install/foobar.rpm to install!"
> >
> >or something like that.
>
> I do not see the '@loghost' option in the man page of the
> util-linux-2.12a-16 derived 'logger', nor does it work
> locally.
>
> Interesting concept to be able to specify the syslog server
> directly in an end user accessible command -- remote DoS
> attack vectors spring unbidden to mind.
>
This is a vulnerability with any syslog server, or in fact, any server
connected to a network that syslogs network requests. I could just as easily
DoS the system by attacking another service. Syslogd should be defensive in
anticipation of this, and indeed, on the three systems I justed checked
(FreeBSD, IRIX, and Linux), all have a switch that can be used to disable
logging of remotely submitted syslog messages.
In the case of systems not directly connected to hostile networks, this
scenario is more of a minor nuisance than a major security vulnerability.
Klaus
More information about the Kickstart-list
mailing list