On Mon, Dec 11, 2017 at 4:03 PM, Alan Mackenzie <acm@×××.de> wrote:
> On Mon, Dec 11, 2017 at 18:56:15 +0000, Neil Bothwick wrote:

>> This may come as a surprise to some, but some things you hear on
>> t'internet are not true...
>>
>> For example, the http server is there to allow access to logs from
>> another machine without needing to grant SSH access. It is not enabled by
>> default.
>
> OK. But it's still there taking up RAM, and (more importantly) makes a
> systemd system a broader target for attacks. Whether a system has an
> http server (or, for that matter, an SSH server), for whatever purpose,
> should be for the system administrator to decide. I suspect this isn't
> the case for systemd's http server.
>
> In any case, I don't want an http server on my system: I have no http to
> serve. I installed sshd as one of the first things on my new system, to
> facilitate the transfer of files to it (and, probably, reading logs from
> it remotely).

I don't use systemd on Gentoo but I assume that there's a USE flag for
the http server, because, in binary distributions, this http server's
in a standalone package - "systemd-journal-remote" on Ubuntu and
"systemd-journal-gateway" on RHEL and clones.

> I don't want a binary logging daemon either: that means having to learn
> a special purpose utility to be able to read its logs, and, in general,
> not being able to read that log from a remote machine.

You can set "Storage=none" and "ForwardToSyslog=yes" in
"/etc/systemd/journald.conf", install and enable rsyslog and you won't
have binary logs when running systemd.
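
A check for the two journald settings named in the reply above, added here as an example and not part of the original message. The function names and the sample files are constructed for illustration; it assumes config files are passed in the order they are read, so a later file overrides an earlier one.

```shell
#!/bin/sh
# Added example. Function names are made up for this illustration.

# journald_setting KEY FILE...
# Print the last value assigned to KEY inside a [Journal] section.
# Files are read in the order given, so a later file overrides an earlier one.
journald_setting() {
    key=$1; shift
    awk -v key="$key" '
        FNR == 1        { in_j = 0 }      # each file starts outside any section
        /^[ \t]*[#;]/   { next }          # comment line
        /^[ \t]*\[/     { in_j = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/); next }
        in_j {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$@"
}

# journald_text_only FILE...
# Succeed only if Storage=none and ForwardToSyslog is switched on explicitly.
# A key that is not set at all counts as a failure.
journald_text_only() {
    storage=$(journald_setting Storage "$@")
    forward=$(journald_setting ForwardToSyslog "$@")
    [ "$storage" = "none" ] || return 1
    case "$forward" in
        yes|true|on|1) return 0 ;;
        *)             return 1 ;;
    esac
}

# Constructed sample: a main file plus a later file that undoes Storage=none.
tmp=$(mktemp -d)
printf '[Journal]\n#Storage=auto\nStorage=none\nForwardToSyslog=yes\n' > "$tmp/journald.conf"
printf '[Journal]\nStorage=persistent\n' > "$tmp/override.conf"

if journald_text_only "$tmp/journald.conf"; then echo "main file: text-only"; fi
if ! journald_text_only "$tmp/journald.conf" "$tmp/override.conf"; then
    echo "with override: journal storage is back on"
fi
rm -rf "$tmp"
```

On a real system, pass "/etc/systemd/journald.conf" followed by any drop-in files that exist, since a later file can silently re-enable binary storage.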