syslog-ng.conf problem on HP-UX-11.11
Hi,

I've compiled syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .

my syslog-ng.conf
---------------------------------------------
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on HP-UX. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(8) for more information.
#
# 20000925 gb@sysfive.com

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (no);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys { internal(); pipe("/dev/log"); };

destination d_cons { file("/dev/console1"); };
destination d_mesg { file("/var/adm/syslog/syslog-ng.log"); };
destination d_mail { file("/var/adm/syslog/mail-ng.log"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };

filter f_filter1 { facility(mail) and level(debug); };
filter f_filter2 { (facility(mail) and level(debug)) or level(info); };
filter f_filter3 { level(alert); };
filter f_filter4 { level(emerg); };

log { source(s_sys); destination(d_mail); };
log { source(s_sys); destination(d_mesg); };
log { source(s_sys); destination(d_cons); destination(d_mlrt); };
log { source(s_sys); destination(d_mlal); };
#
--------------------------------------------

Now if I generate a message using the "logger" utility on the system, the message should go to "/var/adm/syslog/syslog-ng.log", though they are not going... Is there anything wrong with the .conf file? What should be the conf file for central server and client on HP-UX?

syslog-ng daemon is running like:
-------------------------------------------------------------------------------
syslog-ng service starting.
# ps -eaf |grep syslog-ng
root 14437 1 0 10:22:30 ? 0:00 /opt/soe/local/syslog-ng-2.0.2/sbin/syslog-ng -f /opt/soe/local
#
------------------------------------------------------------------------------

Thanks
Shamim

syslog-ng-request@lists.balabit.hu wrote:

Send syslog-ng mailing list submissions to syslog-ng@lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit https://lists.balabit.hu/mailman/listinfo/syslog-ng or, via email, send a message with subject or body 'help' to syslog-ng-request@lists.balabit.hu

You can reach the person managing the list at syslog-ng-owner@lists.balabit.hu

When replying, please edit your Subject line so it is more specific than "Re: Contents of syslog-ng digest..."

Today's Topics:

1. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Balazs Scheidler)
2. Re: Setting permissions on log files (Balazs Scheidler)
3. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Evan Rempel)
4. compilation errors with --enable-spoof-source (Ravi Papisetti -X (rpapiset - HCL at Cisco))
5. Re: Is this possible in syslog-ng.conf . (v2.0.2) (Balazs Scheidler)
6. Re: compilation errors with --enable-spoof-source (Balazs Scheidler)
7. RE: compilation errors with --enable-spoof-source (Ravi Papisetti -X (rpapiset - HCL at Cisco))
8. RE: compilation errors with --enable-spoof-source (Balazs Scheidler)

----------------------------------------------------------------------

Message: 1
Date: Mon, 19 Feb 2007 17:14:12 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901652.11781.7.camel@bzorp.balabit>
Content-Type: text/plain

On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
> Ok . IMO counter intuitive , Tho reasonable with your explanation . One is very used to the 'source' in FW/router/...'s as being the source device(s) IP from where a packet came from .

syslog-ng is not a firewall :) this is sometimes strange to me as well, being involved in firewall products as well. But putting the joke aside, syslog-ng is a "syslog message pipe" processor: sources generate messages, destinations serve as message sinks. Some filtering here and there, that's about syslog-ng's internal structure.

So, naming source as a source is consistent with syslog-ng itself.

> An aside , Can one do the 'Formatting' like my example above , again no examples show up like that , but I am hopeful .
>
> > To do that you need the netmask() filter.
>
> Next time I'll go looking at the Blog at Gmane first before shooting my mouth off . netmask was just the hint I needed . Tho it sure would be nice for netmask() to support the /xx bits netmask format .

It does support this format.

--
Bazsi

------------------------------

Message: 2
Date: Mon, 19 Feb 2007 17:15:57 +0100
From: Balazs Scheidler
Subject: Re: [syslog-ng] Setting permissions on log files
To: Syslog-ng users' and developers' mailing list
Message-ID: <1171901757.11781.10.camel@bzorp.balabit>
Content-Type: text/plain

On Mon, 2007-02-19 at 01:45 +0000, Bryan Henderson wrote:
> With the 'file' destination, Syslog-ng modifies the ownership and permissions of the file when it opens it. There are configuration file options to choose what it sets them to, but AFAICT, no way to have Syslog-ng just leave the files as it finds them.
>
> I prefer to maintain permissions and ownership separately; I set them when I create the file and expect them to stick. Could there be a configuration file option for that?

IIRC, you can use -1 for various options, which means "do not touch". But I would need to test it. The code in the C part is there, the only question that remains whether the parser accepts "-1" in the place of owner/group/permissions.

--
Bazsi

------------------------------

Message: 3
Date: Mon, 19 Feb 2007 09:02:15 -0800
From: Evan Rempel
Subject: Re: [syslog-ng] Is this possible in syslog-ng.conf . (v2.0.2)
To: "Syslog-ng users' and developers' mailing list"
Message-ID: <45D9D817.7050309@uvic.ca>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Balazs Scheidler wrote:
> On Sun, 2007-02-18 at 16:48 -0800, Mr. James W. Laferriere wrote:
>
>> Ok . IMO counter intuitive , Tho reasonable with your explanation . One is very used to the 'source' in FW/router/...'s as being the source device(s) IP from where a packet came from .
>
> syslog-ng is not a firewall :) this is sometimes strange to me as well, being involved in firewall products as well. But putting the joke aside, syslog-ng is a "syslog message pipe" processor: sources generate messages, destinations serve as message sinks. Some filtering here and there, that's about syslog-ng's internal structure.
>
> So, naming source as a source is consistent with syslog-ng itself.

I think that the author of the original comment was referring to the IP address binding in the source definition

source network { tcp( ip(xxxx) ); };

where the IP address is NOT the source at all, it is a local IP address to bind the listener to. Perhaps the syntax should be

source network { tcp( bind(xxxx) ); };

since the bind address MUST be ip since the definition is already defined to be tcp.

I think it is a little counter intuitive even within the scope of syslog-ng.

Evan.

>> An aside , Can one do the 'Formatting' like my example above , again no examples show up like that , but I am hopeful .
>>
>>> To do that you need the netmask() filter.
>>
>> Next time I'll go looking at the Blog at Gmane first before shooting my mouth off . netmask was just the hint I needed . Tho it sure would be nice for netmask() to support the /xx bits netmask format .
>
> It does support this format.

--
Evan Rempel erempel@uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria

------------------------------

Message: 4
Date: Mon, 19 Feb 2007 13:09:41 -0600
From: "Ravi Papisetti -X (rpapiset - HCL at Cisco)"
Subject: [syslog-ng] compilation errors with --enable-spoof-source
To: "syslog-ng@lists.balabit.hu"
Message-ID: <5A8F8213-CAC5-4190-A902-FE91C0DC844D@mimectl>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I am using syslog-ng 1.6.11 and trying to compile this package with ./configure --enable-spoof-source, it throws errors as below

checking whether to enable Sun STREAMS support... yes
checking whether to enable Sun door support... yes
checking whether to enable TCP wrapper support... no
checking whether to enable spoof_source support... ./configure: test: too many arguments
configure: error: libnet-config not found

It compiles fine without --enable-spoof-source this option. Could you do the needful.

Thanks,
Ravi Kumar P.
You have to put the log device with the pad_size into your system source.

source s_sys {pipe("/dev/log" pad_size(2048)); internal(); };

It's working on my system so you can try. You can also add the klog device (/dev/klog) with the same options as /dev/log.

Shamim wrote:
> Hi, I've compiled syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .
Hi

Please can anyone help me how to log message to syslog-ng manually.

e.g. in Linux I can log message as

# logger "test message" <Return> ;

and it goes to file defined in syslog-ng.conf(/var/adm/messages),

However in case of HP-UX it is not working as described above for Linux.

Is there any other method to log message manually in HP-UX? Or messages are dropping?

Please suggest.

Thanks
Shamimuddin
CSC Noida

olivier rolland <madmax2010fr@yahoo.fr> wrote:
> You have to put the log device with the pad_size into your system source.
>
> source s_sys {pipe("/dev/log" pad_size(2048)); internal(); };
>
> It's working on my system so you can try. You can also add the klog device (/dev/klog) with the same options as /dev/log.
>
> Shamim wrote:
>> Hi, I've compiled syslog-ng-2.0.2 on HP-UX-11.11, however messages are not going to desired destinations as defined in the syslog-ng.conf .
Hello,

I'm using an OpenSuse Linux 10.2 with kernel 2.6.18.2-34-default.

I have a script in perl (hupsyslog) that needs to get an environment variable. I gave permission of SUID to 'sperl' (that is a hard link to 'suidperl') as the system says. So now, I get this error message:

Insecure $ENV{PATH} while running setuid at /usr/local/ldm/bin/hupsyslog line 24.

The line 24 is as follows:

($os,$hostname,$version) = split(/ /,`uname -a`);

What can I do about this? The system looks let the script not use environment variables. Any hints?

Regards,

Marcus Vinícius S. Mendes
Cachoeira Paulista / SP - Brazil (GMT-3)
National Institute for Space Research - INPE
Center for Weather Forecast and Climatic Analysis - CPTEC
(+55) (12) 3186-8676
Hi,

"Marcus Vinícius S. Mendes" <marcusvi@cptec.inpe.br> [20070226 14:37:26 -0300]:
> Hello, I'm using an OpenSuse Linux 10.2 with kernel 2.6.18.2-34-default.
>
> I have a script in perl (hupsyslog) that needs to get an environment variable. I gave permission of SUID to 'sperl' (that is a hard link to 'suidperl') as the system says. So now, I get this error message:
>
> Insecure $ENV{PATH} while running setuid at /usr/local/ldm/bin/hupsyslog line 24.

This is not a syslog-ng issue:

http://www.perl.com/doc/manual/html/pod/perlsec.html

> The line 24 is as follows:
>
> ($os,$hostname,$version) = split(/ /,`uname -a`);
>
> What can I do about this?

...what happens if someone can persuade the $ENV{PATH} to become:

PATH=/tmp/evilprograms:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games

The 'uname' that's run could be '/tmp/evilprograms/uname' instead of the program you are expecting, '/bin/uname'.

To be honest you should not be executing programs from within programs as it makes the code unportable and introduces security problems like the one I just showed above. You should use $^O/$OSNAME as stated in 'man perlfaq8'. There are other OS independent ways to determine OS version and the hostname; I'll leave it to you to discover them as an educational exercise :)

> The system looks let the script not use environment variables. Any hints?

Do not suidperl scripts... it's usually asking for trouble in my book. What is it that you are actually doing with the script that means it needs to be suid? It screams alarm bells in my head that a pipe service for syslog-ng needs this. Often with a bit of thinking you can work around this problem but it really depends on what you are trying to do.

Cheers

Alex
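A taint-safe replacement for line 24, as an added example that is not part of the thread and not code from hupsyslog: it reads the OS name, hostname and kernel release through POSIX::uname() instead of backticks, and pins the environment for the case where an external program still has to be started. The helper names (pin_environment, host_info, run_absolute) and the /bin/uname location are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
# Added example; not the original hupsyslog script.
use strict;
use warnings;
use POSIX ();

# Taint mode (switched on automatically for setuid scripts) refuses to start
# any subprocess while PATH is still the caller's. Replace it, never extend it.
sub pin_environment {
    delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};   # variables named in perlsec
    $ENV{PATH} = '/bin:/usr/bin';               # assumed system directories
    return;
}

# Replacement for:  ($os,$hostname,$version) = split(/ /,`uname -a`);
# POSIX::uname() wraps uname(2): no shell, no PATH search, no child process.
# The third field of `uname -a` is the kernel release, so the release is
# returned in the slot the original called $version.
sub host_info {
    my ($sysname, $nodename, $release) = POSIX::uname();
    return ($sysname, $nodename, $release);
}

# For the cases where an external program really has to run: absolute path,
# root-owned binary that is not group/world-writable, argument list (no shell).
sub run_absolute {
    my ($prog, @args) = @_;
    $prog =~ m{\A(/[A-Za-z0-9_./-]+)\z}
        or die "refusing non-absolute program path\n";
    $prog = $1;                                 # untainted by the match above

    my @st = stat($prog) or die "cannot stat $prog: $!\n";
    die "$prog is not owned by root\n"    if $st[4] != 0;
    die "$prog is group/world-writable\n" if $st[2] & 022;

    pin_environment();
    open(my $out, '-|', $prog, @args) or die "cannot run $prog: $!\n";
    my @lines = <$out>;
    close($out) or die "$prog failed: status $?\n";
    chomp @lines;
    return @lines;
}

my ($os, $hostname, $version) = host_info();
print "os=$os hostname=$hostname version=$version\n";

# Same data through a child process, to show the pinned-environment path.
# /bin/uname is an assumed location; adjust it for the platform.
my ($line) = run_absolute('/bin/uname', '-a');
print "uname -a: $line\n";
```

Because of the `-T` on the shebang line, start it with `perl -T` or execute the file directly; a plain `perl file` invocation refuses to run.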
participants (4)
- "Marcus Vinícius S. Mendes"
- Alexander Clouter
- olivier rolland
- Shamim