Publication Date: 2012-07-25 | Views: 134 | Downloads: 0 | Author: Siddharth Mishra | Document ID: EKB0000525805
Syslog daemon in Solaris by default is enabled for remote logging and will listen on UDP port 514 for syslog messages from remote systems. Unless, the server is acting as a remote logging server, this can be a Security issue as a malicious
user can launch a Denial Of Service (DoS) attack on the server.
Unless a Server is as a Remote Central Logging server, it is recommended to disable Remote logging in Solaris.
To check if your syslog service is listening for remote logs,
# netstat -aP udp | grep syslog
This will show an output for syslog with status “idle”.
After edit the /etc/default/syslogd and restart syslogd as follows:
# svcadm -v restart svc:/system/system-log
Action restart set for svc:/system/system-log:default
It can be achieved by simply editing the /etc/default/syslogd using an editor like vi
# vi /etc/default/syslogd
Change the line from
Save the file and restart the Syslogd daemon
# /etc/init.d/syslog stop
# /etc/init.d/syslog start
#netstat -aP|grep syslog
should not show an entry for syslog with status “idle”
It is done in the M company to secure the U2000, beacuse no firewall in the network to protect the U2000.