From fa62586ae7fe9877022b8f93c71daac1af50c0f9 Mon Sep 17 00:00:00 2001 From: Brian Feldman Date: Sat, 21 Aug 1999 18:24:29 +0000 Subject: [PATCH] This is the addition of a syslog(3) security.* top-level category. This should be used from now on for anything security but not auth-related. Included are updates for all relevant manpages and also to /etc files, creating a new /var/log/security. Nothing in the system logs to /var/log/security yet as of the time of this commit. Reviewed by: rgrimes, imp, chris --- etc/Makefile | 4 +++- etc/newsyslog.conf | 3 ++- etc/syslog.conf | 3 ++- lib/libc/gen/syslog.3 | 5 ++++- sys/sys/syslog.h | 9 +++++---- usr.sbin/syslogd/syslog.conf.5 | 9 ++++----- 6 files changed, 20 insertions(+), 13 deletions(-) diff --git a/etc/Makefile b/etc/Makefile index ffb7a7d1dfec..f55665b59499 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,5 +1,5 @@ # from: @(#)Makefile 5.11 (Berkeley) 5/21/91 -# $Id: Makefile,v 1.201 1999/07/10 18:02:12 iwasaki Exp $ +# $Id: Makefile,v 1.202 1999/07/26 10:49:31 brian Exp $ SUBDIR= sendmail @@ -96,6 +96,8 @@ distribution: ${DESTDIR}/var/log/lastlog ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/log/messages + ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ + ${DESTDIR}/var/log/security ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ ${DESTDIR}/var/log/slip.log ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf index 9714ce94ccf3..0f2f195a8b2f 100644 --- a/etc/newsyslog.conf +++ b/etc/newsyslog.conf @@ -1,5 +1,5 @@ # configuration file for newsyslog -# $Id: newsyslog.conf,v 1.20 1999/06/28 03:03:17 obrien Exp $ +# $Id: newsyslog.conf,v 1.21 1999/06/28 03:14:58 obrien Exp $ # # logfilename [owner:group] mode count size when [ZB] [/pid_file] [sig_num] /var/cron/log 600 3 100 * Z 
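Review bot: The new `/var/log/security` is installed with `-o ${BINOWN} -g ${BINGRP}`, so mode 600 protects it only from accounts other than the one `${BINOWN}` resolves to. That value is not visible in this hunk; if it is not root, a non-root account can read or truncate the security log. Consider `-o root -g wheel -m 600` for this one file, even though the neighbouring slip.log entry follows the same `${BINOWN}` pattern. The matching etc/newsyslog.conf entry leaves the optional `[owner:group]` field empty, so ownership after the first rotation may differ from what is installed here; setting it explicitly there would keep the two in agreement. The `distribution` target continues outside the hunk.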
@@ -11,4 +11,5 @@ /var/log/messages 664 5 100 * Z /var/log/slip.log 600 3 100 * Z /var/log/ppp.log 600 3 100 * Z +/var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B diff --git a/etc/syslog.conf b/etc/syslog.conf index f6c11704d667..7e17ebc03dea 100644 --- a/etc/syslog.conf +++ b/etc/syslog.conf @@ -1,9 +1,10 @@ -# $Id: syslog.conf,v 1.8 1998/09/02 01:34:56 brian Exp $ +# $Id: syslog.conf,v 1.9 1998/10/14 21:59:55 nate Exp $ # # Spaces are NOT valid field separators in this file. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +security.* /var/log/security mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/cron/log diff --git a/lib/libc/gen/syslog.3 b/lib/libc/gen/syslog.3 index 90de5e8b6670..f0bf35e4a279 100644 --- a/lib/libc/gen/syslog.3 +++ b/lib/libc/gen/syslog.3 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)syslog.3 8.1 (Berkeley) 6/4/93 -.\" $Id$ +.\" $Id: syslog.3,v 1.5 1999/07/12 20:46:45 nik Exp $ .\" .Dd June 4, 1993 .Dt SYSLOG 3 @@ -205,6 +205,9 @@ Messages generated by random user processes. This is the default facility identifier if none is specified. .It Dv LOG_UUCP The uucp system. +.It Dv LOG_SECURITY +Security subsystems, such as +.Xr ipfw 4 . .It Dv LOG_LOCAL0 Reserved for local use. Similarly for diff --git a/sys/sys/syslog.h b/sys/sys/syslog.h index 61e3f2c0a0ed..0a9df010ce3f 100644 --- a/sys/sys/syslog.h +++ b/sys/sys/syslog.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)syslog.h 8.1 (Berkeley) 6/2/93 - * $Id: syslog.h,v 1.15 1997/10/06 20:37:01 joerg Exp $ + * $Id: syslog.h,v 1.16 1998/07/13 06:45:17 bde Exp $ */ #ifndef _SYS_SYSLOG_H_ 
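Review bot: The added entry `/var/log/security 600 10 100 * Z` rotates on size alone, so retention is ten files at the size-column limit of 100 (kilobytes in newsyslog) regardless of age. A chatty source such as packet-filter logging could push older records out of the window quickly, which matters for a log meant to support later investigation. A larger size, or a time-based `when` field like the `@01T05` on the wtmp line below, would give a more predictable window, for example `/var/log/security 600 10 1000 * Z`.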
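Review bot: Security messages at notice and above still match `*.notice` on the `/var/log/messages` line and `*.err` on the `/dev/console` line, so they are duplicated into a file that etc/newsyslog.conf keeps at mode 664 while `/var/log/security` is 600. If the new facility is meant to be private, exclude it from the wildcard selector, e.g. `*.notice;security.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages`. A short comment above `security.*` stating whether that duplication is intended would help administrators who tighten permissions later.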
@@ -94,18 +94,19 @@ CODE prioritynames[] = { #define LOG_USER (1<<3) /* random user-level messages */ #define LOG_MAIL (2<<3) /* mail system */ #define LOG_DAEMON (3<<3) /* system daemons */ -#define LOG_AUTH (4<<3) /* security/authorization messages */ +#define LOG_AUTH (4<<3) /* authorization messages */ #define LOG_SYSLOG (5<<3) /* messages generated internally by syslogd */ #define LOG_LPR (6<<3) /* line printer subsystem */ #define LOG_NEWS (7<<3) /* network news subsystem */ #define LOG_UUCP (8<<3) /* UUCP subsystem */ #define LOG_CRON (9<<3) /* clock daemon */ -#define LOG_AUTHPRIV (10<<3) /* security/authorization messages (private) */ +#define LOG_AUTHPRIV (10<<3) /* authorization messages (private) */ /* Facility #10 clashes in DEC UNIX, where */ /* it's defined as LOG_MEGASAFE for AdvFS */ /* event logging. */ #define LOG_FTP (11<<3) /* ftp daemon */ #define LOG_NTP (12<<3) /* NTP subsystem */ +#define LOG_SECURITY (13<<3) /* security subsystems (firewalling, etc.) */ /* other codes through 15 reserved for system use */ #define LOG_LOCAL0 (16<<3) /* reserved for local use */ @@ -135,7 +136,7 @@ CODE facilitynames[] = { { "mark", INTERNAL_MARK, }, /* INTERNAL */ { "news", LOG_NEWS, }, { "ntp", LOG_NTP, }, - { "security", LOG_AUTH, }, /* DEPRECATED */ + { "security", LOG_SECURITY, }, { "syslog", LOG_SYSLOG, }, { "user", LOG_USER, }, { "uucp", LOG_UUCP, }, diff --git a/usr.sbin/syslogd/syslog.conf.5 b/usr.sbin/syslogd/syslog.conf.5 index a2ddf5fe85b2..54b3eb217cc3 100644 --- a/usr.sbin/syslogd/syslog.conf.5 +++ b/usr.sbin/syslogd/syslog.conf.5 @@ -30,7 +30,7 @@ .\" SUCH DAMAGE. .\" .\" @(#)syslog.conf.5 8.1 (Berkeley) 6/9/93 -.\" $Id: syslog.conf.5,v 1.11 1998/07/22 06:15:16 phk Exp $ +.\" $Id: syslog.conf.5,v 1.12 1998/12/04 06:49:20 jkh Exp $ .\" .Dd June 9, 1993 .Dt SYSLOG.CONF 5 
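Review bot: `LOG_SECURITY` is assigned code 13 with no note on interoperability, unlike `LOG_AUTHPRIV` just above it, whose comment documents its clash on DEC UNIX. The facility number is what travels in forwarded messages, so a loghost built before this change has no name for 13 and will presumably match it only through `*` selectors. A comment such as `/* new facility: receivers without this header see an unnamed code 13 */` would warn administrators of mixed-version sites. The define list starts and ends outside the hunk.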
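Review bot: Rebinding the name `security` from `LOG_AUTH` to `LOG_SECURITY` in `facilitynames[]` silently changes the meaning of existing configurations. A syslog.conf written against the deprecated alias (`security.*` meaning auth) will stop capturing authentication messages after the upgrade, with no parse error to signal it. Since the commit message says nothing logs to the new facility yet, such a rule would go quiet entirely. This deserves an upgrade note and a comment at the entry, e.g. `{ "security", LOG_SECURITY, }, /* was an alias for LOG_AUTH; old "security.*" rules no longer match auth */`. The table begins and ends outside the hunk.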
@@ -98,7 +98,7 @@ The .Em facility describes the part of the system generating the message, and is one of the following keywords: auth, authpriv, cron, daemon, ftp, kern, lpr, mail, -mark, news, ntp, syslog, user, uucp and local0 through local7. +mark, news, ntp, syslog, user, uucp, security and local0 through local7. These keywords (with the exception of mark) correspond to the similar .Dq Dv LOG_ @@ -328,9 +328,8 @@ auth.* |exec /usr/local/sbin/authfilter !ftpd *.* /var/log/spoolerr -# Log kernel firewall reports to a separate file -!ipfw -*.* /var/log/ipfw +# Log all security messages to a separate file. +security.* /var/log/security .Ed .Sh FILES .Bl -tag -width /etc/syslog.conf -compact