Hello Mick, If you have another version of this you'd like me to post, let me know. I'm in a FAQ updating mood (I'm supposed to be writing my book so for some reason this has my attention instead, man I'm lame). On Mon, Aug 16, 2004 at 12:55:30PM -0500, Michael D. (Mick) Bauer wrote:
Thanks! I'll post a revised procedure later this week -- replies have been trickling in.
Cheers, Mick
On Sun, 15 Aug 2004 14:21:27 -0500 (CDT) "Michael D. (Mick) Bauer" <darth.elmo@wiremonkeys.org> wrote:
So far I haven't noticed that anything else needs to be added to the chroot jail (e.g., stuff from /dev or /etc), but if anyone knows differently please speak up!
Mick,
It's been awhile since I last setup syslog-ng in a chroot jail, but according to my notes I did the following on a recent Linux box:
o copied the follow files to /path/to/chroot/lib:
libnss_dns.so.2 libnss_files.so.2 libresolv.so.2 libnsl.so.2 libc.so.6 ld-linux.so.2
the first of which, being the one that seemed to actually be required for correct operation in my case. I believe the others were just referenced libraries, but not actually called.
o copied the following to /path/to/chroot/etc
nsswitch.conf resolv.conf `grep syslogng passwd` `grep syslogng group`
the last two being whatever user/group you used to run syslog-ng as.
John _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
/-------------------------------------------------\ | Michael D. (Mick) Bauer | | Security Editor, Linux Journal | | Dir. of Value-Subtracted Svcs., Wiremonkeys.org | \-------------------------------------------------/
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-- Nate God does not play dice. -- Einstein