Package: rsyslog-relp Version: 4.6.4-2 Severity: normal Tags: ipv6 I run rsyslogd with the -6 option, which is documented in the manual page to cause rsyslogd to listen to IPv6 addresses only. However, using the imrelp module, rsyslogd still listens on IPv4. This could be a security issue if you're only expecting to have to use ip6tables to secure your syslog machine; you may unknowingly have an open IPv4 syslog port.
$ cat /etc/default/rsyslog RSYSLOGD_OPTIONS="-c4 -6" $ ps axe | grep [r]syslog 22869 ? Sl 0:02 /usr/sbin/rsyslogd -c4 -6 $ grep -i relp /etc/rsyslog.conf $ModLoad imrelp $InputRELPServerRun 20514 $ sudo lsof -i :20514 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 22869 root 3u IPv4 47214831 0t0 TCP *:20514 (LISTEN) rsyslogd 22869 root 4u IPv6 47214832 0t0 TCP *:20514 (LISTEN) -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 3.0.4-x86_64-linode21 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rsyslog-relp depends on: ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii librelp0 1.0.0-1 Reliable Event Logging Protocol (R ii rsyslog 4.6.4-2 enhanced multi-threaded syslogd rsyslog-relp recommends no packages. rsyslog-relp suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
