Setup guide

or match a single host like this:

-a 192.168.1.23/32

It is also possible to specify hostnames or domain names instead of IP addresses, but

this is not recommended.

To configure Mac OS X Server as a log server that accepts log messages from other

systems on the network:

1. Open /etc/rc and locate the line that reads:

/usr/sbin/syslogd -s -m 0

2. Replacing the address after -a with your site’s network, change the line to:

I/usr/sbin/syslogd –n -a 192.168.1.0/24

The –n option disables DNS lookups.

3. Insert this command as the second to last line of the file, right before the

“exit 0” line as illustrated here:

killall -HUP syslogd #re-load configuration

exit 0

4.9 Securing Remote Login

The remote login service provided with Mac OS X is Secure Shell (SSH). This service

provides access via an encrypted link. Older services such as Telnet or RSH that do

not encrypt their communications should never be used as they allow network

eavesdroppers to intercept passwords or other data.

4.9.1 Disable Remote Login

If it is not necessary to remotely log into the system or use another program that

depends on SSH, then the Remote Login service should be disabled. Programs that

depend on SSH for network communications include Server Admin. Disabling

Remote Login on a server will prevent remote administration of that server via

Server Admin. To disable Remote Login:

1. Open System Preferences.

2. Click on the Sharing icon.

3. Uncheck the “Remote Login” item in the Service list.

4.9.2 Configure OpenSSH

If it is necessary to use SSH, then altering the default settings is recommended. The

SSH server configuration file is located at /private/etc/sshd_config (and is

UNCLASSIFIED