diff options
author | Diego Santa Cruz <Diego.SantaCruz@spinetix.com> | 2021-02-25 17:03:56 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-02-26 15:21:21 +0000 |
commit | 910b09c4bcd848bd071e3482f9c701380ff0e228 (patch) | |
tree | 351b9b40f372f4beaed45ad1ef42149e4b5e79a0 /meta/recipes-extended/sysklogd | |
parent | 53f118af3973e4d1b08bea8e193cd99095ddd072 (diff) | |
download | poky-910b09c4bcd848bd071e3482f9c701380ff0e228.tar.gz |
sysklogd: do not open any network sockets by default
The default in sysklogd 2.x is to open listening network sockets,
unlike sysklogd 1.5 where the default was the opposite.
This is contrary to a "secure by default" design, so set up the
init script to pass the -ss option to prevent syslogd from opening
any network sockets. It can be overridden in /etc/default/syslogd.
(From OE-Core rev: 103688fd349338520c147d5bde07429951925141)
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/sysklogd')
-rwxr-xr-x | meta/recipes-extended/sysklogd/files/sysklogd | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd index 2a356a637a..050772b59d 100755 --- a/meta/recipes-extended/sysklogd/files/sysklogd +++ b/meta/recipes-extended/sysklogd/files/sysklogd | |||
@@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd | |||
22 | 22 | ||
23 | test -x $binpath || exit 0 | 23 | test -x $binpath || exit 0 |
24 | 24 | ||
25 | # run secure by default | ||
26 | SYSLOGD="-ss" | ||
27 | |||
25 | test ! -r /etc/default/syslogd || . /etc/default/syslogd | 28 | test ! -r /etc/default/syslogd || . /etc/default/syslogd |
26 | 29 | ||
27 | create_xconsole() | 30 | create_xconsole() |