On Tue, Jul 27, 2010 at 10:34:58AM +0200, Hoenig, Stefan, VF-Group wrote:
Hi Guys,
Hallo Stefan,
we use syslog-ng to collect application logs and still use the standard syslogd for system logging.
The problem is that we want to prevent that they can also configure systemlogging sources in their config like "/proc/kmsg" or "dev/log" on Linux. Is there a possibility to overwrite such sources in the global config or better a global parameter that avoids such configurations?
I ran into a similar situation in my environment. I wanted a testing daemon which ran separately from the main one so that I could make a lot of changes without causing outages. I noticed it's possible to run a daemon (in your case it would be the application's daemon) as a non-root user as long as you do not try to open the log devices (which you want to prevent anyway) and bind it to sockets on ports >= 1024. If that's not enough you could experiment with capabilities (man capabilities) using getcap and setcap commands. It's possible to give a process on a recent Linux or UNIX some root privileges without giving it everything. This can be used, for example, to allow it to bind sockets, without allowing it to do all the unwanted things. SELinux, etc. could also be used to provide similar advantages.
With best regards / Mit freundlichen Grüßen Stefan Hoenig
MfG, Matthew.