Thank you very much. I have disabled SELinux and everything goes fine. Do you think it is better to run syslog-ng with or without SELinux especially that I may use MySQL and PHP-syslog-ng?

Kind regards

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Jose Pedro Oliveira
Sent: Saturday, May 27, 2006 6:59 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Starting syslog-ng as root

Muath Al Khalaf wrote:
Hi, I am using Redhat Enterprise 4. I am using the official rpm image built by Balabit for RHE 4 with their startup script. The executable did not return anything (at least in front of me inside console). For strace I do not know how to use it.
You may be having problems with SELinux. In RHEL4, CentOS, and Fedora Core 3 you need to enable the use_syslogng SELinux boolean before starting the syslog-ng daemon [1].

To check the use_syslogng boolean status
getsebool -a | grep syslogng
To enable it (and save its value)
setsebool -P use_syslogng 1

jpo

[1] - you need to have a recent selinux-policy-targeted

--
José Pedro Oliveira
* mailto: jpo@di.uminho.pt * http://gsd.di.uminho.pt/jpo *
* gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *
Do you think it is better to run syslog-ng with or without SELinux
Consider the following:
1) SELinux's goal is to contain the attacker in the case of a compromise.
2) SELinux takes a lot of work to set up. Since you are also adding both MySQL and PHP-syslog-ng it will take even more work.
3) Once you have it set up, do you have a way to easily rebuild the same configuration if needed?

Hence consider the following formula.

better = ("level of effort" (1-10)/"ease of rebuild"(1-10)) * "time available"(estimated hours) / "estimated risk of compromise"(1-10) * "required level of risk aversion (include legal requirements)"(1-10) * "Risk of position in case attack"(1-10)

Hence if you have the time to learn SELinux and have high requirements to contain any successful attacks, then SELinux is better. If you don't have a lot of time and don't have high requirements and can easily rebuild the system if it's compromised then don't worry about SELinux. Hence "better" is all about your risks and the tradeoffs you need to make.

--
Pe5ky Tac0
--------------
Yum, Fish Tacos !!

Muath Al Khalaf wrote:
Thank you very much. I have disabled SELinux and everything goes fine. Do you think it is better to run syslog-ng with or without SELinux especially that I may use MySQL and PHP-syslog-ng?
Kind regards
-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Jose Pedro Oliveira
Sent: Saturday, May 27, 2006 6:59 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Starting syslog-ng as root
Muath Al Khalaf wrote:
Hi, I am using Redhat Enterprise 4. I am using the official rpm image built by Balabit for RHE 4 with their startup script. The executable did not return anything (at least in front of me inside console). For strace I do not know how to use it.
You may be having problems with SELinux. In RHEL4, CentOS, and Fedora Core 3 you need to enable the use_syslogng SELinux boolean before starting the syslog-ng daemon [1].
To check the use_syslogng boolean status
getsebool -a | grep syslogng
To enable it (and save its value)
setsebool -P use_syslogng 1
jpo
[1] - you need to have a recent selinux-policy-targeted

--
José Pedro Oliveira
* mailto: jpo@di.uminho.pt * http://gsd.di.uminho.pt/jpo *
* gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *
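The check-then-enable step jpo describes, as an added example that is not part of the original messages: it classifies the use_syslogng boolean from `getsebool -a` output so the fix can be applied without disabling SELinux. The function names, the sample outputs and the `use_syslogng_hypothetical` boolean are constructed for illustration; the accepted state words (on/off, active/inactive) are an assumption about getsebool's output.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Classify an SELinux boolean from `getsebool -a` text read on stdin.
# Prints on, off, or missing. The first field is compared exactly, so a
# similarly named boolean cannot satisfy the check the way a grep substring can.
# Assumption: the state is printed as on/off, or active/inactive on older builds.
selinux_bool_state() {
    awk -v name="$1" '
        $1 == name && $2 == "-->" {
            found = 1
            state = ($3 == "on" || $3 == "active") ? "on" : "off"
        }
        END { print (found ? state : "missing") }
    '
}

# Map the state of use_syslogng to the action the thread describes.
syslogng_selinux_advice() {
    case "$(selinux_bool_state use_syslogng)" in
        on)      echo "ok: use_syslogng is enabled" ;;
        off)     echo "fix: setsebool -P use_syslogng 1" ;;
        missing) echo "policy: update selinux-policy-targeted, boolean not defined" ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_OFF='use_nfs_home_dirs --> inactive
use_syslogng --> inactive
user_ping --> active'
SAMPLE_ON='use_syslogng --> on'
# Policy without the boolean; the look-alike name below is hypothetical.
SAMPLE_OLD_POLICY='use_nfs_home_dirs --> off
use_syslogng_hypothetical --> on'

for sample in "$SAMPLE_OFF" "$SAMPLE_ON" "$SAMPLE_OLD_POLICY"; do
    printf '%s\n' "$sample" | syslogng_selinux_advice
done
```

On a live host the same function reads real output: `getsebool -a | syslogng_selinux_advice`.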
Hello all members!
- We are discussion install syslog, syslogng (php, mysql) on the linux 9 system
- I want you tell me step by steps install syslog, syslogng on linux (log client, server management log from client).
- demo
thanks
On Thu, 01 Jun 2006 18:36:44 PDT, Luong Xuan Thang said:
- We are discussion install syslog, syslogng (php, mysql) on the linux 9 system
I'm not sure what you mean by 'Linux 9', as the linux kernel itself is currently at 2.6.16. Most likely, you mean "release 9 of a linux *distribution*", and most likely you mean 'RedHat 9'. If so, there's a very important "step zero".

Step 0: *Do* *not* *use* RedHat 9.0. Consider using RedHat Enterprise Linux 4.0 (if you want a support contract), CentOS (a whiteboxed RHEL, no support, no cost), or Fedora Core 5. RedHat 9.0 has not been supported by RedHat for quite some time, and has multiple *known* security holes that have no patches.

Step 1: RHEL, CentOS, and Fedora all include recent, patched versions of php and mysql. Use the provided versions rather than trying to build your own.
participants (4)
- Luong Xuan Thang
- Muath Al Khalaf
- Pe5kyTac0
- Valdis.Kletnieks@vt.edu