Re: periodic security run output gives false positives after 1 year



On 02/16/2012 08:08 PM, Sergey Kandaurov wrote:
> 5424 yet. Almost complete implementation was done in NetBSD in
> that regard in 2008. NetBSD before RFC 5424 changes has had pretty
> similar syslogd source, so if one could analyze and port those
> changes to FreeBSD, that would be pretty nice.

I implemented this and if anyone is interested I would be glad to help
with it. So far I just did not find the time to continue development
or even a FreeBSD port on my own (finishing university, looking for a
job, etc). -- The code is in NetBSD-Current and my own development
repository is now online at https://github.com/mschuett/nbsd-syslog

With regard to porting, the biggest difference between systems is the
libevent library, which is included in NetBSD and used in the syslogd(8).

The main "problem" with the IETF/NetBSD syslogd(8) is that it does not
only change the message/protocol format, but at the same time implements
TLS communication and digital signatures. -- In combination these
functions really add size and complexity to the code.

To improve things I wonder if syslogd(8) could be restructured into a
plugin-based architecture. That might keep the different logging targets
(files, console, UDP, TLS) and optional features (new/old format,
signatures) separate and simpler. Of course only if it is simple enough
not to add yet another layer of overhead and complexity.

--
Martin Schütte