WARNING: RESTRICT_SYSLOG is disabled.
x0r
February 1st, 2014, 19:12
Hello
I have 2 servers, one DirectAdmin and one cPanel.
I had CSF installed on both, and they are running without any problems.
Today, when I updated both of them, I was faced with this message:
WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration
Apparently it is a security issue.
Does anyone have information about this?
ertebat7
February 1st, 2014, 20:11
Hello
This warning was recently added in the new csf update,
and enabling it solves the problem.
x0r
February 1st, 2014, 23:08
What exactly does restrict_syslog do?
There was also a note about it on their site, but I didn't understand it:
Unfortunately, it is trivial for end-users and scripts run by end-users to
spoof log lines that appear identical to any log line reported in logs
maintained by syslog/rsyslog. You can identify these logs by looking in
/etc/syslog.conf or /etc/rsyslog.conf
This means that anyone on the server can maliciously trigger applications that
monitor these logs, such as lfd does for the following options:
A malicious user could use this issue to trigger confusing emails regarding
both successful and failed login attempts, kernel log lines (including iptables
log lines) etc. Unfortunately, there is very little that can be done about this
as syslog/rsyslog has no security framework. Some attempt was made in newer
versions of rsyslog, but this version is not available in the current versions
used by RedHat/CentOS v6. It also has to be enabled and can will have adverse
effects on utilities that expect a certain format for the log lines.
To mitigate spoofing attempts we recommend the following, if you are willing to
accept the consequences of spoofed log lines:
1. Go through the options above ensuring that only those that you need are
enabled
2. Ensure that DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT are set reasonably low (for
example, 200). This will limit attempts to block large numbers of IP addresses
3. Ensure that administrator/support IP addresses are listed in
/etc/csf/csf.allow and perhaps /etc/csf/csf.ignore. This will prevent malicious
blocking from denying you access to the server
4. To confirm successful logins to SSH, use the "last" utility from the root
shell, e.g.:
last -da
5. Regularly check the server and user data for exploits, old vulnerable
applications and out of date OS applications
6. Consider carefully any application that you use that centralises actions and
syslog/rsyslog logs and the implications of spoofed log lines
7. Consider the implications of this overall issue on applications and scripts
other than csf/lfd that use the affected log files
8. Ultimately, you could consider restricting access to all configured
syslog/rsyslog unix sockets. This can be used via file permissions and
ownership of the sockets (e.g. /dev/log) but there are several caveats: file
permissions and ownership have to be reapplied whenever syslog/rsyslog is
restarted; restricting logging will break/limit some applications ability to
log to syslog/rsyslog, for example crond.
9. Do not enable syslog/rsyslog reception via UDP/TCP ports
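A way to check a server against the RESTRICT_SYSLOG warning and points 2 and 9 of the list quoted above, as an added example that is not part of the thread and is not csf's own code. The function names and sample files are constructed for illustration; the `KEY = "value"` layout of csf.conf and the use of 200 as the threshold (the figure the quoted text gives as an example) are assumptions.

```shell
#!/bin/sh
# Added example, not csf's own code: audit a csf.conf and an rsyslog.conf
# against the mitigations quoted above. Assumes csf.conf lines look like KEY = "value".

# Print the last value assigned to key $2 in the csf.conf-style file $1.
csf_get() {
    sed -n "s/^$2 *= *\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# audit_csf CSF_CONF RSYSLOG_CONF [LIMIT]: prints findings, returns 1 if there are any.
audit_csf() {
    conf=$1; rsys=$2; limit=${3:-200}; findings=0
    val=$(csf_get "$conf" RESTRICT_SYSLOG)
    if [ "${val:-0}" = 0 ]; then   # unset is treated as the default, 0
        echo "FAIL RESTRICT_SYSLOG=${val:-unset}: the setting the warning refers to is disabled"
        findings=$((findings + 1))
    fi
    for key in DENY_IP_LIMIT DENY_TEMP_IP_LIMIT; do
        val=$(csf_get "$conf" "$key")
        case $val in
            ''|*[!0-9]*) echo "FAIL $key is unset or not numeric"; findings=$((findings + 1)) ;;
            *) if [ "$val" -gt "$limit" ]; then
                   echo "FAIL $key=$val is above $limit"; findings=$((findings + 1))
               fi ;;
        esac
    done
    # An uncommented imudp/imtcp module or legacy *ServerRun directive enables network reception.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*(imudp|imtcp|UDPServerRun|InputTCPServerRun)' "$rsys"; then
        echo "FAIL $rsys accepts syslog over UDP/TCP"; findings=$((findings + 1))
    fi
    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Write constructed sample configs (not taken from a real server) into directory $1.
write_samples() {
    printf '%s\n' 'RESTRICT_SYSLOG = "0"' 'DENY_IP_LIMIT = "1000"' \
        'DENY_TEMP_IP_LIMIT = "100"' > "$1/csf.weak"
    printf '%s\n' 'RESTRICT_SYSLOG = "2"' 'DENY_IP_LIMIT = "200"' \
        'DENY_TEMP_IP_LIMIT = "100"' > "$1/csf.ok"
    printf '%s\n' '$ModLoad imuxsock' '$ModLoad imudp' '$UDPServerRun 514' > "$1/rsyslog.weak"
    printf '%s\n' '$ModLoad imuxsock' '#$ModLoad imudp' '#$UDPServerRun 514' > "$1/rsyslog.ok"
}

# With two file arguments, audit those files; with none, run on the constructed weak samples.
if [ $# -ge 2 ]; then audit_csf "$@"; else
    d=$(mktemp -d); write_samples "$d"; audit_csf "$d/csf.weak" "$d/rsyslog.weak" || true; rm -rf "$d"
fi
```

On a real server the two arguments would be /etc/csf/csf.conf and /etc/rsyslog.conf; any includes such as files under /etc/rsyslog.d need to be audited separately.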
djboy
February 2nd, 2014, 09:00
Hello
This warning was recently added in the new csf update,
and enabling it solves the problem.
Hello
It is written as
RESTRICT_SYSLOG = Default: 0 [0-2]
and should be changed to
RESTRICT_SYSLOG = Default: 0 [0-2]
Is this the right setting?
Because I enabled this very setting and the problem was solved.
Or does something else need to be done as well?