[syslog-ng] tcp wrapper support on FreeBSD 5.0
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 22 May 2003 10:13:48 +0200
On Wed, May 21, 2003 at 11:27:04AM -0500, Mike Thomas wrote:
> Hello,
>
> I recently discovered the wonders and joys of syslog-ng, and have been
> attempting to get tcp wrapper support to work, and unfortunately, to no
> avail.
>
> What I am experiencing is simply that it is not working. I wish I could provide a
> more descriptive and detailed 'error', but it just simply won't block denied
> hosts.
>
> Here's the relevant output from ./configure, etc.
>
> ./configure --prefix=/usr --enable-tcp-wrapper
>
> checking for tcpd.h... yes
> checking for TCP wrapper library... -lwrap
> checking whether to enable Sun STREAMS support... no
> checking whether to enable Sun door support... no
> checking whether to enable TCP wrapper support... yes
>
> As you can see, tcp wrapper support was successfully compiled in. I did not
> have any issues/warnings/errors while compiling. Everything looked good on
> that end.
>
> Here's the relevant entries from /etc/hosts.allow (I don't use hosts.deny, all
> my entries are in hosts.allow, both deny and allow)
>
> syslog-ng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu,
> cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu,
> crux.cems.umn.edu, mozart.cems.umn.edu, : ALLOW
>
> syslogng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu,
> cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu,
> crux.cems.umn.edu, mozart.cems.umn.edu : ALLOW
>
>
> #deny *EVERYTHING* else
>
> ALL : ALL : DENY
>
> I've used tcpdmatch to verify that the rules are being examined and caught in
> the right fashion and, they are. Here's the output of tcpdmatch for instance:
>
> loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng oberlin.cems.umn.edu
>
> warning: syslog-ng: no such process name in /etc/inetd.conf
> client: hostname oberlin.cems.umn.edu
> client: address 134.84.165.104
> server: process syslog-ng
> matched: /etc/hosts.allow line 25
> option: DENY
> access: denied
>
> Line 25 is the ALL: ALL : DENY
>
> loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng mozart.cems.umn.edu
> warning: syslog-ng: no such process name in /etc/inetd.conf
> client: hostname mozart.cems.umn.edu
> client: address 134.84.164.249
> server: process syslog-ng
> matched: /etc/hosts.allow line 20
> option: ALLOW
> access: granted
>
> Line 20 is the syslog-ng: etc... line
>
> I have also used strace and truss on the syslog-ng binary and discovered that
> it is successfully making a call to the libwrap library, but it doesn't read
> hosts.allow/hosts.deny (I'm not sure if it's supposed to or not).
>
> As far as how I have syslog-ng set up, I have it running on the default UDP
> port, 514, bound to a specific IP which is not the main IP of the machine
> but is set up as a virtual interface (in Linux it would be known as eth0:0;
> BSD just regards it as a second IP). Syslog-ng itself functions perfectly,
> accepting remote connections and the whole nine yards; it just simply refuses
> to work with tcp wrappers.
The TCP wrapper code has been contributed and I do not use it myself.
Checking the source it seems that it is applied to TCP based connections
only. I don't know, however, how it would behave if it were applied to
each incoming UDP packet (as they might each have a different source IP);
the results could be cached, but there's no such code in place.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
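The two tcpdmatch runs quoted in the post, and the reply's point that the wrapper check is applied to TCP connections only, worked through as an added example (this is not code from syslog-ng or libwrap). The Python below models the first-match rule scan of hosts_access(5) over a constructed copy of the quoted hosts.allow, and then shows what a per-datagram check with a bounded per-source cache, the code the reply says does not exist for UDP, would look like. Assumptions: only the ALLOW/DENY options and a subset of the client patterns are handled, host names are passed in by the caller instead of being reverse-resolved, and the rule line numbers are those of the constructed copy rather than the poster's file.

```python
import ipaddress
import re
from collections import OrderedDict

# Constructed sample: the rules quoted above, with the mail-wrapped client lists
# re-joined using the backslash continuation hosts_access(5) accepts; the rule
# line numbers therefore differ from the poster's file (his were 20 and 25).
HOSTS_ALLOW = """\
syslog-ng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, \\
cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, \\
crux.cems.umn.edu, mozart.cems.umn.edu, : ALLOW

syslogng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, \\
cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, \\
crux.cems.umn.edu, mozart.cems.umn.edu : ALLOW

#deny *EVERYTHING* else

ALL : ALL : DENY
"""

def _split_list(text):
    # Blanks and/or commas separate items; empties (the trailing comma in rule
    # one) are dropped, just as libwrap's strtok-based splitting drops them.
    return [item for item in re.split(r"[,\s]+", text.strip()) if item]

def parse_rules(text):
    """Return (line_no, daemons, clients, option) per rule. line_no is the rule's
    first physical line, what tcpdmatch prints as "matched: ... line N"; only
    ALLOW/DENY are modelled (assumption), and no option means ALLOW here."""
    rules, pending, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not pending:
            start = no
        if line.endswith("\\"):               # escaped newline continues a rule
            pending += line[:-1]
            continue
        body, pending = (pending + line).strip(), ""
        if not body or body.startswith("#"):  # blank lines and comments
            continue
        fields = [f.strip() for f in body.split(":")]
        if len(fields) < 2:
            raise ValueError(f"line {start}: expected daemon_list : client_list")
        option = fields[2].upper() if len(fields) > 2 else "ALLOW"
        if option not in ("ALLOW", "DENY"):
            raise ValueError(f"line {start}: unsupported option {option!r}")
        rules.append((start, _split_list(fields[0]), _split_list(fields[1]), option))
    return rules

def _client_matches(pattern, hostname, address):
    # Pattern subset (assumption): ALL, exact host name, ".domain" suffix and
    # address or CIDR; netgroups, "n.n." prefixes and EXCEPT are not handled.
    p, h = pattern.lower(), hostname.lower()
    if p == "all":
        return True
    if p.startswith("."):
        return h.endswith(p)
    if "/" in p or p[:1].isdigit():
        try:
            return ipaddress.ip_address(address) in ipaddress.ip_network(p, strict=False)
        except ValueError:
            return False
    return h == p

def hosts_access(rules, daemon, hostname, address):
    """First matching rule wins, as in libwrap; returns (decision, line_no). No
    match gives ("ALLOW", None): the poster keeps no hosts.deny, and libwrap
    grants access when neither file matches."""
    for line_no, daemons, clients, option in rules:
        if any(d.lower() in ("all", daemon.lower()) for d in daemons) and \
           any(_client_matches(c, hostname, address) for c in clients):
            return option, line_no
    return "ALLOW", None

class DatagramGate:
    """Per-datagram check with a bounded per-source cache, the piece the reply
    says syslog-ng lacks for UDP: each datagram carries its own source address,
    so the scan runs per packet (or per source when cached), and the cache is
    bounded because a sender can spoof a fresh source address on every packet."""
    def __init__(self, rules, daemon, max_entries=1024):
        self.rules, self.daemon, self.max_entries = rules, daemon, max_entries
        self.cache = OrderedDict()            # address -> bool, in LRU order
        self.hits = self.misses = 0

    def allowed(self, address, hostname):
        # hostname is supplied by the caller; a real gate would derive it from a
        # forward-confirmed reverse lookup of address (assumption).
        if address in self.cache:
            self.hits += 1
            self.cache.move_to_end(address)
            return self.cache[address]
        self.misses += 1
        decision, _ = hosts_access(self.rules, self.daemon, hostname, address)
        self.cache[address] = decision == "ALLOW"
        if len(self.cache) > self.max_entries:
            self.cache.popitem(last=False)    # evict the least recently used
        return self.cache[address]

RULES = parse_rules(HOSTS_ALLOW)

if __name__ == "__main__":
    for host, addr in (("oberlin.cems.umn.edu", "134.84.165.104"),
                       ("mozart.cems.umn.edu", "134.84.164.249")):
        print(host, hosts_access(RULES, "syslog-ng", host, addr))
```

Run as a script it reproduces the two tcpdmatch decisions: oberlin is denied by the ALL : ALL : DENY rule and mozart is granted by the syslog-ng rule. The design point is the difference between the two listener types: a TCP daemon runs the wrapper check once per accepted connection, whereas a UDP listener would have to call something like DatagramGate.allowed for every recvfrom(), and an unbounded cache there would let a sender with spoofed source addresses grow the daemon's memory without limit, which is why the cache is bounded and evicts least-recently-used entries.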