This is the addition of a syslog(3) security.* top-level category. This

should be used from now on for anything security-related but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.

Reviewed by:	rgrimes, imp, chris
Brian Feldman 1999-08-21 18:24:29 +00:00
parent 60767bf422
commit fa62586ae7
6 changed files with 20 additions and 13 deletions


@ -1,5 +1,5 @@
# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
# $Id: Makefile,v 1.201 1999/07/10 18:02:12 iwasaki Exp $
# $Id: Makefile,v 1.202 1999/07/26 10:49:31 brian Exp $
SUBDIR= sendmail
@ -96,6 +96,8 @@ distribution:
${DESTDIR}/var/log/lastlog
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \
${DESTDIR}/var/log/messages
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
${DESTDIR}/var/log/security
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \
${DESTDIR}/var/log/slip.log
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \


@ -1,5 +1,5 @@
# configuration file for newsyslog
# $Id: newsyslog.conf,v 1.20 1999/06/28 03:03:17 obrien Exp $
# $Id: newsyslog.conf,v 1.21 1999/06/28 03:14:58 obrien Exp $
#
# logfilename [owner:group] mode count size when [ZB] [/pid_file] [sig_num]
/var/cron/log 600 3 100 * Z
@ -11,4 +11,5 @@
/var/log/messages 664 5 100 * Z
/var/log/slip.log 600 3 100 * Z
/var/log/ppp.log 600 3 100 * Z
/var/log/security 600 10 100 * Z
/var/log/wtmp 644 3 * @01T05 B
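Review bot: Retention for /var/log/security is bounded by size alone (10 archives of 100 KB, with `*` in the when field), so once verbose sources such as firewall logging start using the facility, a burst of entries can rotate older records out within a short time. For a log meant for security review that loss matters more than it does for slip.log or ppp.log. Consider a larger size or count, and record the reasoning in a comment above the entry, e.g. `# security: size-based rotation only; raise count/size if ipfw logging is enabled`.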


@ -1,9 +1,10 @@
# $Id: syslog.conf,v 1.8 1998/09/02 01:34:56 brian Exp $
# $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $
#
# Spaces are NOT valid field separators in this file.
# Consult the syslog.conf(5) manpage.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/cron/log
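Review bot: The new `security.*` line does not keep security messages out of the other destinations: the existing `*.notice` selector for /var/log/messages and `*.err` for /dev/console still match the security facility, so anything logged at notice or above is duplicated there. Elsewhere in this commit /var/log/messages is created mode 664 while /var/log/security is 600, so the restrictive mode is partly undone. If the intent is that these records are readable by the owner only, exclude the facility on the messages line, e.g. `*.notice;security.none;kern.debug;lpr.info;mail.crit;news.err` (fields tab-separated, as the file header requires), and say so in a comment.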


@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)syslog.3 8.1 (Berkeley) 6/4/93
.\" $Id$
.\" $Id: syslog.3,v 1.5 1999/07/12 20:46:45 nik Exp $
.\"
.Dd June 4, 1993
.Dt SYSLOG 3
@ -205,6 +205,9 @@ Messages generated by random user processes.
This is the default facility identifier if none is specified.
.It Dv LOG_UUCP
The uucp system.
.It Dv LOG_SECURITY
Security subsystems, such as
.Xr ipfw 4 .
.It Dv LOG_LOCAL0
Reserved for local use.
Similarly for


@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)syslog.h 8.1 (Berkeley) 6/2/93
* $Id: syslog.h,v 1.15 1997/10/06 20:37:01 joerg Exp $
* $Id: syslog.h,v 1.16 1998/07/13 06:45:17 bde Exp $
*/
#ifndef _SYS_SYSLOG_H_
@ -94,18 +94,19 @@ CODE prioritynames[] = {
#define LOG_USER (1<<3) /* random user-level messages */
#define LOG_MAIL (2<<3) /* mail system */
#define LOG_DAEMON (3<<3) /* system daemons */
#define LOG_AUTH (4<<3) /* security/authorization messages */
#define LOG_AUTH (4<<3) /* authorization messages */
#define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */
#define LOG_LPR (6<<3) /* line printer subsystem */
#define LOG_NEWS (7<<3) /* network news subsystem */
#define LOG_UUCP (8<<3) /* UUCP subsystem */
#define LOG_CRON (9<<3) /* clock daemon */
#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */
#define LOG_AUTHPRIV (10<<3) /* authorization messages (private) */
/* Facility #10 clashes in DEC UNIX, where */
/* it's defined as LOG_MEGASAFE for AdvFS */
/* event logging. */
#define LOG_FTP (11<<3) /* ftp daemon */
#define LOG_NTP (12<<3) /* NTP subsystem */
#define LOG_SECURITY (13<<3) /* security subsystems (firewalling, etc.) */
/* other codes through 15 reserved for system use */
#define LOG_LOCAL0 (16<<3) /* reserved for local use */
@ -135,7 +136,7 @@ CODE facilitynames[] = {
{ "mark", INTERNAL_MARK, }, /* INTERNAL */
{ "news", LOG_NEWS, },
{ "ntp", LOG_NTP, },
{ "security", LOG_AUTH, }, /* DEPRECATED */
{ "security", LOG_SECURITY, },
{ "syslog", LOG_SYSLOG, },
{ "user", LOG_USER, },
{ "uucp", LOG_UUCP, },
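Review bot: Remapping the name `security` in facilitynames[] from LOG_AUTH to LOG_SECURITY silently changes the meaning of existing configurations: a syslog.conf that used `security.*` as the deprecated alias to capture authorization messages will keep parsing but stop matching them. Since the commit message says nothing logs to the new facility yet, such a rule would quietly go empty, which is easy to miss on hosts that rely on it for login auditing. I would note the change where the entry is defined, e.g. `{ "security", LOG_SECURITY, }, /* was an alias for LOG_AUTH; old rules must use auth.* */`, and call it out in the upgrade notes. The facilitynames[] array begins and ends outside this hunk.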


@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93
.\" $Id: syslog.conf.5,v 1.11 1998/07/22 06:15:16 phk Exp $
.\" $Id: syslog.conf.5,v 1.12 1998/12/04 06:49:20 jkh Exp $
.\"
.Dd June 9, 1993
.Dt SYSLOG.CONF 5
@ -98,7 +98,7 @@ The
.Em facility
describes the part of the system generating the message, and is one of
the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail,
mark, news, ntp, syslog, user, uucp and local0 through local7.
mark, news, ntp, syslog, user, uucp, security and local0 through local7.
These keywords (with the exception of mark) correspond to the
similar
.Dq Dv LOG_
@ -328,9 +328,8 @@ auth.* |exec /usr/local/sbin/authfilter
!ftpd
*.* /var/log/spoolerr
# Log kernel firewall reports to a separate file
!ipfw
*.* /var/log/ipfw
# Log all security messages to a separate file.
security.* /var/log/security
.Ed
.Sh FILES
.Bl -tag -width /etc/syslog.conf -compact