According to the man page for syslogd, "The default behavior is that syslogd won't listen to the network." Yet, check this out: [root@gateway init.d]# uname -a Linux gateway.home.com 2.0.36 #6 Mon Nov 23 13:16:03 PST 1998 i586 unknown [root@gateway init.d]# cat /etc/issue Red Hat Linux release 5.0 (Hurricane) Kernel 2.0.36 on an i586 [root@gateway init.d]# lsof -i -P |grep 514 [root@gateway init.d]# syslogd -v syslogd 1.3-3 [root@gateway init.d]# rpm -qf `which syslogd` sysklogd-1.3-25 (Note: upgraded to latest RPM) [root@gateway init.d]# syslogd (Note: no -r flag given) [root@gateway init.d]# lsof -i -P |grep 514 syslogd 4880 root 1u inet 0x010de810 0t0 UDP *:514 [root@gateway init.d]# ./syslog stop Shutting down system loggers: syslogd [root@gateway init.d]# lsof -i -P |grep 514 [root@gateway init.d]# Looks like a bug. What do you think?
This is not a bug. Syslogd opens the port when it first starts but it is not listening to the port. Therefore it is not a security concern. syslogd 231 root 1u inet 0x03636810 0t0 UDP *:514