sysklogd: do not open any network sockets by default

The default in sysklogd 2.x is to open listening network sockets, unlike sysklogd 1.5 where the default was the opposite. This is contrary to a "secure by default" design, so set up the init script to pass the -ss option to prevent syslogd from opening any network sockets. It can be overridden in /etc/default/syslogd. Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Diego Santa Cruz <Diego.SantaCruz@spinetix.com> 2021-02-25 17:03:56 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-02-26 15:19:28 +0000
commit: 103688fd349338520c147d5bde07429951925141 (patch)
tree: cab5792d8d3dbb24a4645229d2e6910bfc57b918 /meta/recipes-extended
parent: 17ec69be55a6b7572947704c07d8693d47d7f1d1 (diff)
download: openembedded-core-103688fd349338520c147d5bde07429951925141.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-extended/sysklogd/files/sysklogd b/meta/recipes-extended/sysklogd/files/sysklogd
index 2a356a637a..050772b59d 100755
--- a/meta/recipes-extended/sysklogd/files/sysklogd
+++ b/meta/recipes-extended/sysklogd/files/sysklogd
@@ -22,6 +22,9 @@ binpath_syslogd=/usr/sbin/syslogd
 
 test -x $binpath || exit 0
 
+# run secure by default
+SYSLOGD="-ss"
+
 test ! -r /etc/default/syslogd || . /etc/default/syslogd
 
 create_xconsole()
author	Diego Santa Cruz <Diego.SantaCruz@spinetix.com>	2021-02-25 17:03:56 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-02-26 15:19:28 +0000
commit	103688fd349338520c147d5bde07429951925141 (patch)
tree	cab5792d8d3dbb24a4645229d2e6910bfc57b918 /meta/recipes-extended
parent	17ec69be55a6b7572947704c07d8693d47d7f1d1 (diff)
download	openembedded-core-103688fd349338520c147d5bde07429951925141.tar.gz