[logs] Passive syslog monitoring
Mordechai T. Abzug
morty at frakir.org
Tue Jan 29 16:06:47 PST 2008
On Tue, Jan 29, 2008 at 03:00:17PM -0800, ron dilley wrote:
> I have just posted an update to the Passive Syslog Monitoring Daemon
> (http://sourceforge.net/projects/psmd).
That sounds cool. But what's the point? The risk of running a daemon
is not because your OS has an open socket, it's because you're
processing untrusted data. Most security checklists say to disable
open sockets, but only because they equate open sockets with
processing untrusted data. A passively listening daemon is still
processing untrusted data.
- Morty
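
The point of the reply above, shown in code as an added example that is not part of the original post or of psmd: the bytes of a syslog datagram are sender-controlled whether they come from a bound socket or a passive capture, so the same validation is needed either way. The struct and function names are hypothetical; the PRI limits (1 to 3 digits, no leading zeros, maximum 191) follow RFC 5424.

```c
#include <stddef.h>

/* Result of validating one syslog payload (hypothetical type for this example). */
struct syslog_hdr {
    int facility;    /* 0..23 */
    int severity;    /* 0..7 */
    size_t msg_off;  /* offset of the text following "<PRI>" */
};

/*
 * Parse the "<PRI>" prefix of a syslog datagram.
 * buf/len describe bytes an untrusted sender put on the wire: they are not
 * NUL-terminated, and len is whatever the capture or recvfrom() reported.
 * Returns 0 on success, -1 on any malformed input.
 */
int parse_syslog_pri(const unsigned char *buf, size_t len, struct syslog_hdr *out)
{
    size_t i = 1;
    int pri = 0;

    if (buf == NULL || out == NULL || len < 3 || buf[0] != '<')
        return -1;

    /* Accept 1 to 3 decimal digits; never read past the end of the buffer. */
    while (i < len && i <= 3 && buf[i] >= '0' && buf[i] <= '9') {
        pri = pri * 10 + (buf[i] - '0');
        i++;
    }
    if (i == 1 || i >= len || buf[i] != '>')
        return -1;   /* no digits, truncated packet, or more than 3 digits */
    if (i > 2 && buf[1] == '0')
        return -1;   /* leading zero, e.g. "<007>" */
    if (pri > 191)
        return -1;   /* facility 23, severity 7 is the largest valid value */

    out->facility = pri >> 3;
    out->severity = pri & 7;
    out->msg_off = i + 1;
    return 0;
}
```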