On Wed, 2008-07-09 at 12:33 -0400, Mike wrote:
On Wed, 9 Jul 2008, Balazs Scheidler wrote:
On Wed, 2008-07-09 at 09:57 -0400, Mike wrote:
hello all,
it seems that TCP Wrappers can be enabled by default when compiling syslog-ng 2.0.9, despite what the documentation says.
From what I can see, the configure script looks for the existance of the libwrap libraries, and if they exist it will enable support (added in syslog-ng 2.0.3).
would it be possible to either update the documents to mention that libwrap is not disabled by default, or maybe make it so you do actually have to manually enable libwrap?
(compiling on RedHat ES4, which has the libwrap devel libraries)
What's wrong with enabling tcp wrappers by default?
enabling by default is OK, it would just be nice if the docs were updated to reflect this. (the INSTALL file, and http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/... say "--enable-tcp-wrapper Enable using /etc/hosts.deny and /etc/hosts.allow for TCP access (disabled by default).")
when compiling it does print out that it is enabling TCP Wrappers with this line: checking whether to enable TCP wrapper support... yes
but I completely missed it when it scrolled by.
the only reason I bring it up is because I recently moved from 1.6.x to 2.0.9, and on the vast majority of my machines this upgrade went smoothly, but I did have problems on those with TCP Wrappers enabled because it did not even occour to me to watch for this.
maybe changing the option from --enable-tcp-wrapper to --disable-tcp-wrapper would be good, so people could have a way disable it with out having to hand modify some compile scripts.
You can use all --enable options as --disable options, so --disable-tcp-wrapper works. The default is not to enable, but to autodetect it, supplying a --disable-tcp-wrappers option will disable autodetection, but that's the way all arguments work basically. I'll let the documentation people know that this should be fixed. -- Bazsi