From 4df93e25d76df28a1d91a285d5f686e64cf79e51 Mon Sep 17 00:00:00 2001 From: glebius Date: Tue, 22 Feb 2005 08:03:09 +0000 Subject: [PATCH] Do not print kernel debugging on console. In case of serial console this can cause a really heavy load on system. Several kernel debugging messages can be triggered even remotely (e.g. bad ARP replies). Use kern.warning instead, so that really significant messages still will be printed on console. Reviewed by: current@ MFC after: 1 week Security: this change fixes a DoS condition, when default system console is serial, and box is flooded with bogus ARP packets --- etc/syslog.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/syslog.conf b/etc/syslog.conf index db88242c02ee..507bd0fdeb9b 100644 --- a/etc/syslog.conf +++ b/etc/syslog.conf @@ -6,7 +6,7 @@ # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console -*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages +*.notice;authpriv.none;kern.warning;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security auth.info;authpriv.info /var/log/auth.log mail.info /var/log/maillog