[syslog-ng] tcp wrapper support on FreeBSD 5.0

Mike Thomas syslog-ng@lists.balabit.hu
Wed, 21 May 2003 11:27:04 -0500


Hello,

I recently discovered the wonders and joys of syslog-ng, and have been 
attempting to get tcp wrapper support to work, and unfortunately, to no 
avail.

What I am experiencing is simply that it is not working. I wish I could provide a 
more descriptive and detailed 'error', but it just simply won't block denied 
hosts.

Here's the relevant output from ./configure, etc.

./configure --prefix=/usr --enable-tcp-wrapper 

checking for tcpd.h... yes
checking for TCP wrapper library... -lwrap
checking whether to enable Sun STREAMS support... no
checking whether to enable Sun door support... no
checking whether to enable TCP wrapper support... yes

As you can see, tcp wrapper support was successfully compiled in. I did not 
have any issues/warnings/errors while compiling. Everything looked good on 
that end.

Here are the relevant entries from /etc/hosts.allow (I don't use hosts.deny; all 
my entries are in hosts.allow, both deny and allow)

syslog-ng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, 
cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, 
crux.cems.umn.edu, mozart.cems.umn.edu, : ALLOW

syslogng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, 
cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, 
crux.cems.umn.edu, mozart.cems.umn.edu : ALLOW


#deny *EVERYTHING* else

ALL : ALL : DENY

I've used tcpdmatch to verify that the rules are being examined and caught in 
the right fashion, and they are. Here's the output of tcpdmatch for instance:

loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng oberlin.cems.umn.edu

warning: syslog-ng: no such process name in /etc/inetd.conf
client:   hostname oberlin.cems.umn.edu
client:   address  134.84.165.104
server:   process  syslog-ng
matched:  /etc/hosts.allow line 25
option:   DENY
access:   denied

Line 25 is the ALL: ALL : DENY

loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng mozart.cems.umn.edu
warning: syslog-ng: no such process name in /etc/inetd.conf
client:   hostname mozart.cems.umn.edu
client:   address  134.84.164.249
server:   process  syslog-ng
matched:  /etc/hosts.allow line 20
option:   ALLOW
access:   granted

Line 20 is the syslog-ng: etc... line

I have also used strace and truss on the syslog-ng binary and discovered that 
it is successfully making a call to the libwrap library, but it doesn't read 
hosts.allow/hosts.deny (I'm not sure if it's supposed to or not).

As far as how I have syslog-ng set up, I have it running on the default UDP 
port, 514, bound to a specific IP which is not the main IP of the machine, 
but set up as a virtual interface. In Linux it would be known as eth0:0; BSD 
just regards it as a second IP. Syslog-ng itself functions perfectly, 
accepting remote connections and the whole nine yards; it just simply refuses 
to work with tcp wrappers.

Thanks in advance for your help,

--Mike
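
The first-match lookup that the tcpdmatch runs in the message report, as an added example that is not part of the original post and is not libwrap's own code. It is a simplified model (exact names, the ALL wildcard and leading-dot suffixes only; ALLOW/DENY as the only options); the function names and the shortened host lists are assumptions made for illustration.

```python
import re

# Constructed sample: the rules quoted in the post, host lists shortened,
# one rule per line. The trailing comma in rule 1 is kept on purpose.
HOSTS_ALLOW = """\
syslog-ng: draco.cems.umn.edu, mozart.cems.umn.edu, : ALLOW
syslogng: draco.cems.umn.edu, mozart.cems.umn.edu : ALLOW
#deny *EVERYTHING* else
ALL : ALL : DENY
"""

def tokens(field):
    # List items are separated by whitespace and/or commas, so a
    # trailing comma does not produce an empty pattern.
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]

def matches(pattern, value):
    # Simplified: ALL wildcard, leading-dot domain suffix, exact name.
    if pattern.upper() == "ALL":
        return True
    if pattern.startswith("."):
        return value.lower().endswith(pattern.lower())
    return pattern.lower() == value.lower()

def check(daemon, client, text=HOSTS_ALLOW):
    """Return (line number, option) of the first rule matching both fields."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed rule, skipped in this model
        option = fields[2].upper() if len(fields) > 2 and fields[2] else "ALLOW"
        if (any(matches(d, daemon) for d in tokens(fields[0]))
                and any(matches(c, client) for c in tokens(fields[1]))):
            return lineno, option
    # No rule matched and hosts.deny is unused here: access is granted.
    return None, "ALLOW"

if __name__ == "__main__":
    for host in ("mozart.cems.umn.edu", "oberlin.cems.umn.edu"):
        print(host, check("syslog-ng", host))
    # A daemon name that appears in no rule only ever reaches the ALL line.
    print(check("syslog", "mozart.cems.umn.edu"))
```

The daemon field is compared against whatever name the calling program hands to libwrap, so a rule written for a different name never matches and the request falls through to the catch-all line.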