> Article about using stunnel with rsyslog > http://freecode.com/articles/ssl-encrypting-syslog-with-stunnel
hello again :-) I've setup a server log centralized following the above link (and thanks). Whole connections fly on vpn. I also read: >Preventing Systems from Talking Directly to the rsyslog Server >It is possible for remote systems (or attackers) talk to the rsyslog >server by directly connecting to its port 61514. Currently, rsyslog >does not offer the ability to bind to the local host only. This >feature is planned, but as long as it is missing, rsyslog must be >protected via a firewall. This can easily be done via, for example, >iptables. Just be sure not to forget it. So, to protect my self about the hackers attempts, I need only close 61514 port of centralized log server? If an attacker has root access on a client, can talking with syslogd centralized log server? If yes, how I protect that server? thanks! Pol -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51e438a7.7010...@fuckaround.org
