Board index Freebsd

Check your ppp.log or ppp.tun0.log in /var/log

Check your ppp.log or ppp.tun0.log in /var/log

Post by Mat » Wed, 17 Sep 1997 04:00:00



Hi,

I was having a look through my FreeBSD 2.2.2 system last night after
compiling myself a new kernel, so was feeling pretty chuffed about it
(being my first FreeBSD kernel) when I noticed that the directory and
contents of /var/log/ were world-readable.

While it's pretty understandable that some log files have world
attributes it seems INSANE that ppp.log (or, in my case, ppp.tun0.log)
be world-readable. After a quick cat of the file I found, for all to
see, plain text copies of my ISP password visible.

I suppose it's prudent to run around clamping all these files down, but
it strikes me as odd that they'd default to world-readable.

Well, it's probably not a major discovery, but I'd thought I'd bring it
to your attention anyway.

Cya,

--
Matt Bruce

NB: Remove X's to email me (anti-spam)

 
 
 
Top

Check your ppp.log or ppp.tun0.log in /var/log

Post by Jordan K. Hubbar » Wed, 17 Sep 1997 04:00:00



> While it's pretty understandable that some log files have world
> attributes it seems INSANE that ppp.log (or, in my case, ppp.tun0.log)
> be world-readable. After a quick cat of the file I found, for all to
> see, plain text copies of my ISP password visible.

> I suppose it's prudent to run around clamping all these files down, but
> it strikes me as odd that they'd default to world-readable.

No, you're right - it is odd.  I've asked the ppp maintainer what's up
with this one!  Thanks for pointing it out.

--
- Jordan Hubbard
  FreeBSD core team / Walnut Creek CDROM.

 
 
 
Top

Check your ppp.log or ppp.tun0.log in /var/log

Post by Keith W » Thu, 18 Sep 1997 04:00:00


A friend of mine runs a Debian Linux box and telnetted to his machine one day
and was comparing my fbsd to his linux and was mostly interested in how his
PPP stuff is setup, and cat'd his ppp.log file and his login and passwd was
there plain text also. I mentioned it to him and he reset the perms on
it, but was suprised that it was there. I'll have to check my logs and
see. I dont think the passwd or login are in the my ppp logs though.



> > While it's pretty understandable that some log files have world
> > attributes it seems INSANE that ppp.log (or, in my case, ppp.tun0.log)
> > be world-readable. After a quick cat of the file I found, for all to
> > see, plain text copies of my ISP password visible.

> > I suppose it's prudent to run around clamping all these files down, but
> > it strikes me as odd that they'd default to world-readable.

> No, you're right - it is odd.  I've asked the ppp maintainer what's up
> with this one!  Thanks for pointing it out.

> --
> - Jordan Hubbard
>   FreeBSD core team / Walnut Creek CDROM.

 
 
 
Top

1. ipppd logs in /var/log/ipppd-auth.log ??

How can I get ipppd to write logs in /var/log/ipppd-auth.log?
It works fine with pppd and it should also work with ipppd.
Thats whats written in the documentation. But ipppd does not
log any incomming call.

Any ideas?

Thanks a lot!

Ciao!
Matthias

2. Looking for gcc 2.7.0 binary for Linux

3. How can I get ipppd to log in /var/log/ipppd-auth.log ????

4. security rating for Linux

5. How large can /var/log/messages and /var/log/syslog get ?

6. Can't seem to get pam and .rhosts to play nice

7. How to close /var/log/syslog and /var/log/messages..

8. Send mail problem

9. creating different syslog file /var/log/syslog.0 /var/log/syslog.1...

10. Need HELP to Log User Log-ins form the internet

11. Why does: "tail -f /var/log/messages | grep eth0 >> /var/log/eth0.log" create an empty log ?

12. logging - "secure" logs don't tell me who is logging in?

13. Help with log files on /var/log/*


All times are UTC
Board index