Re: [pmfirewall] Log Files


From: Jani Mikkonen (rasjani@pcuf.fi)
Date: Fri Dec 22 2000 - 11:10:54 PST


First, which is just my few pennies, do not mail html formatted mail to
mailing lists ...

> My question concerns file logging. I routinely check /var/log/messages and
> /var/log/secure for signs of any aberrant behavior, but I can't find anything that
> indicates any kind of logging from pmfirewall.

Check out the file syslog.conf, which usually resides in /etc/. There's an entry
where all kernel (kern) entries go. Check out that file. Personally I log all
kernel messages to /var/log/kernel, and maybe Caldera does something like that by
default too.

> I'd also like to enable remote logging to another machine on the internal network;
> are there any special requirements I should be aware of when trying to set it up?

No special requirements. Same file, /etc/syslog.conf, and where the filename is
usually specified, put "@hostname" instead. Now all specified rows go to the remote
syslog daemon on host "hostname". Note that on the remote syslog daemon you must
explicitly enable remote capabilities, which is not done by default (at least, not
in Red Hat).

> What do most of you use to test the strength of your firewall rules?

Check out nmap from www.insecure.org. Though you need a host outside of your
firewall to run it effectively against your own rulesets. Also check out a
program called nessus, which can do exploit audits on your hosts.


This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:38:33 PDT
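
Added example, not part of the original message or of pmfirewall: a small Python check that reads a classic sysklogd-style /etc/syslog.conf and lists where messages of the kern facility end up, whether a local file or a remote "@hostname" as described in the reply above. The sample config, the host name `loghost` and both function names are constructed for illustration; any priority other than `none` is treated as a match, which is a simplification.

```python
# Added example: sample config is constructed; classic sysklogd syntax assumed.
SAMPLE_CONF = """\
# constructed sample, not taken from the original post
*.info;mail.none;authpriv.none;kern.none\t/var/log/messages
authpriv.*\t\t\t/var/log/secure
kern.*\t\t\t\t-/var/log/kernel
kern.warning;daemon,auth.notice\t@loghost
mail.*\t\t\t\t/var/log/maillog
"""

def facility_matches(selectors, facility):
    """True if the ';'-separated selector list selects any message from facility."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, prio = sel.strip().rpartition(".")
        if not facs:
            continue  # malformed selector without a '.'
        names = facs.split(",")
        if facility in names or "*" in names:
            # later selectors override earlier ones; 'none' excludes the facility
            matched = prio != "none"
    return matched

def destinations(conf_text, facility="kern"):
    """Return (kind, target) for every rule that receives messages from facility."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # no action field
        selectors, action = parts
        if not facility_matches(selectors, facility):
            continue
        action = action.strip()
        if action.startswith("@"):
            out.append(("remote", action[1:]))        # forwarded to another syslogd
        elif action.lstrip("-").startswith("/"):
            out.append(("file", action.lstrip("-")))  # leading '-' only disables sync
        else:
            out.append(("other", action))             # pipe, user list, '*'
    return out

if __name__ == "__main__":
    for kind, target in destinations(SAMPLE_CONF):
        print(kind, target)
```

An empty result for `kern` means no rule in the file receives kernel messages at all, which would explain finding nothing in /var/log/messages.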