
Remove syslog-ng-nosystemd?

Remove it? It wants to remove eventslog and then it asks if I want to remove this. And every time I see something like this I think - oh no, Arch is trying to sneak systemd back into my system.

Re: Remove syslog-ng-nosystemd?

Reply #1
Code:
[system]
Include = /etc/pacman.d/mirrorlist
[world]
Include = /etc/pacman.d/mirrorlist
[galaxy]
Include = /etc/pacman.d/mirrorlist


#[core]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[extra]
#SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist-arch

[community]
Include = /etc/pacman.d/mirrorlist-arch

#SigLevel = PackageRequired
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

[multilib]
Include = /etc/pacman.d/mirrorlist-arch



No - core is commented out. So I wait?

Re: Remove syslog-ng-nosystemd?

Reply #2
Quote
Remove it? It wants to remove eventslog and then it asks if I want to remove this. And every time I see something like this I think - oh no, Arch is trying to sneak systemd back into my system.

You're good. Not systemd. See here

Re: Remove syslog-ng-nosystemd?

Reply #3
Quote
syslog-ng is an open-source implementation of the syslog protocol for Unix and Unix-like systems. It extends the original syslogd model with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features to syslog, like using TCP for transport.

Using TCP for logging, IMO, is not a good idea.

 

Re: Remove syslog-ng-nosystemd?

Reply #4
The nomenclature of appending a letter 'd' to a daemon name pre-dates systemd.
As you have quoted from the page, syslog-ng uses the syslog protocol for Unix and Unix-like systems.
Files are in text format (unlike systemd logging which uses a binary-based format).

As for TCP - don't care. If you choose not to use syslog-ng, that is certainly your choice.

However, I'm just making clear that syslog-ng has nothing to do with the systemd architecture.

Re: Remove syslog-ng-nosystemd?

Reply #5
Quote
The nomenclature of appending a letter 'd' to a daemon name pre-dates systemd.
As you have quoted from the page, syslog-ng uses the syslog protocol for Unix and Unix-like systems.
Files are in text format (unlike systemd logging which uses a binary-based format).

As for TCP - don't care. If you choose not to use syslog-ng, that is certainly your choice.

However, I'm just making clear that syslog-ng has nothing to do with the systemd architecture.


I had my new server, which was a fresh Artix install, hacked into from China in 2 weeks, so keeping the attack surface down has now been a huge concern because I have no idea what was the vector. I'm happy it is not attached to systemd!! That is great. But I don't want it coming up as a service with netstat -tan

Re: Remove syslog-ng-nosystemd?

Reply #6

Quote
I had my new server, which was a fresh Artix install, hacked into from China in 2 weeks, so keeping the attack surface down has now been a huge concern because I have no idea what was the vector. I'm happy it is not attached to systemd!! That is great. But I don't want it coming up as a service with netstat -tan

Sounds like you have other issues to address. There were numerous reports in the past on Ars Technica and Wired about routers shipping with known default admin passwords. ISP providers don't tell you these things when they install their equipment. My advice would be to change the admin password - quickly.

Shorewall/iptables would then be my recommendation to help keep you safe before worrying about what utility software does and does not use TCP.

Re: Remove syslog-ng-nosystemd?

Reply #7
Systemd cannot get back in; it is not in any Artix repo, which means it is impossible for it to just appear. You don't need to be paranoid.

syslog-ng does not use TCP for logging by default. The TCP with TLS security is for a dedicated log server. So, for example, 20 computers send their logs to 1 server, great for an admin that needs to review logs on many machines.
By default it is just a local log system without network configured.

Instead of blindly removing packages that you are unfamiliar with, it would be better for you to find the actual vector that they used to get in and then evaluate how to fix it.
Chris Cromer
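
The point made in Reply #7, that syslog-ng only opens a socket when a network source is configured, can be checked against the configuration text itself. The sketch below is an added example, not part of any forum post and not syslog-ng's own code; both sample configurations are constructed and the function names are hypothetical.

```python
import re

# syslog-ng source drivers that open a listening socket; system(), internal(),
# unix-dgram(), unix-stream(), file() and pipe() only read local inputs.
NETWORK_DRIVERS = {"network", "tcp", "tcp6", "udp", "udp6", "syslog",
                   "default-network-drivers"}

# Constructed sample: local-only logging, no network source.
LOCAL_ONLY = """
@version: 3.30
source src { system(); internal(); };
destination d_all { file("/var/log/everything.log"); };
log { source(src); destination(d_all); };
"""

# Constructed sample: a dedicated log server receiving over TCP with TLS.
LOG_SERVER = """
source src { system(); internal(); };
source s_remote {
    network(transport("tls") port(6514)
            tls(key-file("/etc/syslog-ng/key.pem")
                cert-file("/etc/syslog-ng/cert.pem")));
};
# source s_old { tcp(port(514)); };
"""

def source_blocks(conf):
    """Yield (name, body) for every `source NAME { ... };` statement."""
    # Drop '#' comments first (a '#' inside a quoted string is not handled).
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    for m in re.finditer(r"\bsource\s+([\w.-]+)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def network_listeners(conf):
    """Return [(source_name, driver)] for sources that would open a socket.
    Only source blocks count: network() in a destination is outbound."""
    return [(name, drv)
            for name, body in source_blocks(conf)
            for drv in re.findall(r"([A-Za-z][\w-]*)\s*\(", body)
            if drv in NETWORK_DRIVERS]

if __name__ == "__main__":
    for label, conf in (("local-only", LOCAL_ONLY), ("log server", LOG_SERVER)):
        print(label, "->", network_listeners(conf) or "no network sources")
```

The check reads one configuration text and does not follow `@include` directives, so `netstat -tan` on the running host remains the confirmation of what is actually listening.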

Re: Remove syslog-ng-nosystemd?

Reply #8
Quote
Sounds like you have other issues to address. There were numerous reports in the past on Ars Technica and Wired about routers shipping with known default admin passwords. ISP providers don't tell you these things when they install their equipment. My advice would be to change the admin password - quickly.

Shorewall/iptables would then be my recommendation to help keep you safe before worrying about what utility software does and does not use TCP.


It has nothing to do with the ISP router, and a firewall (iptables) is false security. Something that faced the internet was hacked into, which could only be nntp, openssh, apache, postfix, bind, (and mailman). It is the same software with updates that I've used for 20 years.