The default in sysklogd 2.x is to open listening network sockets, unlike sysklogd 1.5 where the default was the opposite.
This is contrary to a "secure by default" design, so set up the init script to pass the -ss option to prevent syslogd from opening any network sockets. It can be overridden in /etc/default/syslogd. Signed-off-by: Diego Santa Cruz <[email protected]> --- meta/recipes-extended/sysklogd/files/sysklogd | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd index 2a356a637a..050772b59d 100755 --- a/meta/recipes-extended/sysklogd/files/sysklogd +++ b/meta/recipes-extended/sysklogd/files/sysklogd @@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd test -x $binpath || exit 0 +# run secure by default +SYSLOGD="-ss" + test ! -r /etc/default/syslogd || . /etc/default/syslogd create_xconsole() -- 2.18.4
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#148602): https://lists.openembedded.org/g/openembedded-core/message/148602 Mute This Topic: https://lists.openembedded.org/mt/80905043/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
