Jailing syslog-ng on OpenBSD 3.5
Hello.

I'm having difficulty jailing syslog-ng under OpenBSD 3.5.

My exact steps so far (after having added group _syslogng and user _syslogng):

# mkdir -p /jail/sysng
# mkdir -p /jail/sysng/usr/local/sbin
# mkdir -p /jail/sysng/usr/lib
# mkdir -p /jail/sysng/usr/libexec
# mkdir -p /jail/sysng/dev
# mkdir -p /jail/sysng/var/log
# mkdir -p /jail/sysng/etc/syslog-ng
# cp /usr/local/sbin/syslog-ng /jail/sysng/usr/local/sbin
# cp /usr/lib/libc.so.30.3 /jail/sysng/usr/lib
# cp /usr/libexec/ld.so /jail/sysng/usr/libexec
# cp /etc/syslog-ng/syslog-ng.conf /jail/sysng/etc/syslog-ng/
# chown -R _syslogng._syslogng /jail/sysng
# ln /dev/log /jail/sysng/dev/log

I should explain that I installed syslog-ng from a package, as I have no access to a compiler on this machine (and my other machine is currently in pieces being repaired) - therefore I just moved the binaries into the jail.

Running the command:

# chroot -g _syslogng -u _syslogng /jail/sysng /usr/local/sbin/syslog-ng

Does not give any errors, and log files are indeed created in /jail/var/log (as per the configuration file) - HOWEVER, nothing on the system is actually logged. Syslog-ng logs its own 'birth and death' but does not, for example, log mail or even the reboot command.

Is there some glaring error here? The debugging output from syslog-ng gives no errors either, I'm lost as to where to go next to track down the problem.

mark

ps: I excluded my config as it's pretty much the stock sample config with uccp and ppp removed. If this is relevant, I will attach it to my next email.
Sorry, realised my mistake. I mistakenly thought that /dev/log was a static, ever-present device, I now realise that it is created and destroyed when the standard syslogd starts and exits, respectively.

It appears I will have to run two versions of syslog-ng, with one chrooted in /jail and one running normally (under a different user). The one in /jail will be used to listen for logs coming in through TCP (this machine will be a loghost).

I may return and answer my own questions in the future too. ;)

mark

On Mon, Jul 26, 2004 at 01:43:29PM +0100, markzero@logik.ath.cx wrote:
Hello.
I'm having difficulty jailing syslog-ng under OpenBSD 3.5.
My exact steps so far (after having added group _syslogng and user _syslogng):
# mkdir -p /jail/sysng
# mkdir -p /jail/sysng/usr/local/sbin
# mkdir -p /jail/sysng/usr/lib
# mkdir -p /jail/sysng/usr/libexec
# mkdir -p /jail/sysng/dev
# mkdir -p /jail/sysng/var/log
# mkdir -p /jail/sysng/etc/syslog-ng
# cp /usr/local/sbin/syslog-ng /jail/sysng/usr/local/sbin
# cp /usr/lib/libc.so.30.3 /jail/sysng/usr/lib
# cp /usr/libexec/ld.so /jail/sysng/usr/libexec
# cp /etc/syslog-ng/syslog-ng.conf /jail/sysng/etc/syslog-ng/
# chown -R _syslogng._syslogng /jail/sysng
# ln /dev/log /jail/sysng/dev/log
I should explain that I installed syslog-ng from a package, as I have no access to a compiler on this machine (and my other machine is currently in pieces being repaired) - therefore I just moved the binaries into the jail.
Running the command:
# chroot -g _syslogng -u _syslogng /jail/sysng /usr/local/sbin/syslog-ng
Does not give any errors, and log files are indeed created in /jail/var/log (as per the configuration file) - HOWEVER, nothing on the system is actually logged. Syslog-ng logs its own 'birth and death' but does not, for example, log mail or even the reboot command.
Is there some glaring error here? The debugging output from syslog-ng gives no errors either, I'm lost as to where to go next to track down the problem.
mark
ps: I excluded my config as it's pretty much the stock sample config with uccp and ppp removed. If this is relevant, I will attach it to my next email.
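
An added example, not part of the thread or of syslog-ng: a shell check for the situation the follow-up describes, where /dev/log is created and destroyed with syslogd, so a hard link made earlier may no longer be the socket the host's programs write to. The function name check_jail_log and its output words are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): classify the log socket of a chroot jail.

# check_jail_log JAIL_ROOT [HOST_SOCKET]
# Prints one word and returns 0 only for "shared":
#   missing     JAIL_ROOT/dev/log does not exist
#   not-socket  it exists but is not a Unix socket
#   shared      same file (device and inode) as the host socket
#   detached    a socket, but not the one at HOST_SOCKET
check_jail_log() {
    jail=$1
    host=${2:-/dev/log}
    jsock=$jail/dev/log

    if [ ! -e "$jsock" ]; then
        echo missing
        return 1
    fi
    if [ ! -S "$jsock" ]; then
        echo not-socket
        return 1
    fi

    # The host socket is recreated whenever its daemon starts, so the host
    # path can point at a new inode while an older hard link inside the
    # jail still refers to the previous one.
    if [ -S "$host" ] && [ "$jsock" -ef "$host" ]; then
        echo shared
        return 0
    fi

    echo detached
    return 1
}

# Run against a jail when called with arguments, e.g.:
#   sh check_jail_log.sh /jail/sysng
if [ $# -ge 1 ]; then
    check_jail_log "$@"
fi
```

A result of "detached" after syslogd has been restarted matches the behaviour reported above: the jailed daemon starts cleanly but sees nothing sent to the host's /dev/log.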