Hi, I'm running a poll about tcp wrappers on twitter: https://twitter.com/PCzanik/status/961985140128911361 but feedback is also very welcome here: Is there anybody still using tcp wrappers support built into syslog-ng on Fedora / RHEL / CentOS? Fedora rawhide removed support for tcp wrappers, and if nobody opposes I'd remove it from the rest of my pacages as well to keep packaging simple. Some background info for those who don't even know what I'm talking about: https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers (In short: it's really archaic stuff I last time used in 1995... :) ) Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik
For what it's worth, we still use tcp wrappers here because the people who look after OS-dependant packet ACLs aren't the people who look after OS-agnostic application ACLs. But saying that, if the application has no ACL capability we give it to xinetd, and it does the tcp wrappers instead, so as long as syslog-ng is xinetd-able there isn't a problem. - Declan On Thu, Feb 15, 2018 at 08:25:00AM +0100, Czanik, P?ter wrote:
Hi,
I'm running a poll about tcp wrappers on twitter: https://twitter.com/PCzanik/status/961985140128911361 but feedback is also very welcome here:
Is there anybody still using tcp wrappers support built into syslog-ng on Fedora / RHEL / CentOS? Fedora rawhide removed support for tcp wrappers, and if nobody opposes I'd remove it from the rest of my pacages as well to keep packaging simple.
Some background info for those who don't even know what I'm talking about: https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers
(In short: it's really archaic stuff I last time used in 1995... :) )
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Declan White
OK. Thank you for the feedback! In this case I'll add the necessary ifdefs to the spec files. So support for tcp wrappers will disappear only where it is gone from the base system, like Fedora 28+. And as Fedora is upstream for RHEL, I suspect that the next major version will also miss support for tcp wrappers. (this is the first time in about 20 years that somebody not just knows what tcp wrappers are but even uses them...) Bye, Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik On Thu, Feb 15, 2018 at 2:07 PM, Declan White <declanw@is.bbc.co.uk> wrote:
For what it's worth, we still use tcp wrappers here because the people who look after OS-dependant packet ACLs aren't the people who look after OS-agnostic application ACLs.
But saying that, if the application has no ACL capability we give it to xinetd, and it does the tcp wrappers instead, so as long as syslog-ng is xinetd-able there isn't a problem.
- Declan
On Thu, Feb 15, 2018 at 08:25:00AM +0100, Czanik, P?ter wrote:
Hi,
I'm running a poll about tcp wrappers on twitter: https://twitter.com/PCzanik/status/961985140128911361 but feedback is also very welcome here:
Is there anybody still using tcp wrappers support built into syslog-ng on Fedora / RHEL / CentOS? Fedora rawhide removed support for tcp wrappers, and if nobody opposes I'd remove it from the rest of my pacages as well to keep packaging simple.
Some background info for those who don't even know what I'm talking about: https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers
(In short: it's really archaic stuff I last time used in 1995... :) )
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik
____________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Declan White ____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
syslog-ng is not xinetd-able though. we can use systemd socket activation at least for unix domain sockets. -- Bazsi On Thu, Feb 15, 2018 at 3:35 PM, Czanik, Péter <peter.czanik@balabit.com> wrote:
OK. Thank you for the feedback! In this case I'll add the necessary ifdefs to the spec files. So support for tcp wrappers will disappear only where it is gone from the base system, like Fedora 28+. And as Fedora is upstream for RHEL, I suspect that the next major version will also miss support for tcp wrappers.
(this is the first time in about 20 years that somebody not just knows what tcp wrappers are but even uses them...)
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik
On Thu, Feb 15, 2018 at 2:07 PM, Declan White <declanw@is.bbc.co.uk> wrote:
For what it's worth, we still use tcp wrappers here because the people who look after OS-dependant packet ACLs aren't the people who look after OS-agnostic application ACLs.
But saying that, if the application has no ACL capability we give it to xinetd, and it does the tcp wrappers instead, so as long as syslog-ng is xinetd-able there isn't a problem.
- Declan
On Thu, Feb 15, 2018 at 08:25:00AM +0100, Czanik, P?ter wrote:
Hi,
I'm running a poll about tcp wrappers on twitter: https://twitter.com/PCzanik/status/961985140128911361 but feedback is also very welcome here:
Is there anybody still using tcp wrappers support built into syslog-ng on Fedora / RHEL / CentOS? Fedora rawhide removed support for tcp wrappers, and if nobody opposes I'd remove it from the rest of my pacages as well to keep packaging simple.
Some background info for those who don't even know what I'm talking about: https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers
(In short: it's really archaic stuff I last time used in 1995... :) )
Bye,
Peter Czanik (CzP) <peter.czanik@balabit.com> Balabit / syslog-ng upstream https://syslog-ng.com/blog/author/peterczanik/ https://twitter.com/PCzanik
____________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- Declan White ____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (3)
-
Czanik, Péter
-
Declan White
-
Scheidler, Balázs