[syslog-ng] tcp wrapper support on FreeBSD 5.0

Balazs Scheidler syslog-ng@lists.balabit.hu
Thu, 22 May 2003 10:13:48 +0200


On Wed, May 21, 2003 at 11:27:04AM -0500, Mike Thomas wrote:
> Hello,
> 
> I recently discovered the wonders and joys of syslog-ng, and have been 
> attempting to get tcp wrapper support to work, and unfortunately, to no 
> avail.
> 
> What I am experiencing is simply that it is not working. I wish I could provide a 
> more descriptive and detailed 'error', but it just simply won't block denied 
> hosts.
> 
> Here's the relevant output from ./configure, etc.
> 
> ./configure --prefix=/usr --enable-tcp-wrapper 
> 
> checking for tcpd.h... yes
> checking for TCP wrapper library... -lwrap
> checking whether to enable Sun STREAMS support... no
> checking whether to enable Sun door support... no
> checking whether to enable TCP wrapper support... yes
> 
> As you can see, tcp wrapper support was successfully compiled in. I did not 
> have any issues/warnings/errors while compiling. Everything looked good on 
> that end.
> 
> Here are the relevant entries from /etc/hosts.allow (I don't use hosts.deny; all 
> my entries are in hosts.allow, both deny and allow)
> 
> syslog-ng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, 
> cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, 
> crux.cems.umn.edu, mozart.cems.umn.edu, : ALLOW
> 
> syslogng: draco.cems.umn.edu, centaurus.cems.umn.edu, lupus.cems.umn.edu, 
> cygnus.cems.umn.edu, orion.cems.umn.edu, gemini.cems.umn.edu, 
> crux.cems.umn.edu, mozart.cems.umn.edu : ALLOW
> 
> 
> #deny *EVERYTHING* else
> 
> ALL : ALL : DENY
> 
> I've used tcpdmatch to verify that the rules are being examined and caught in 
> the right fashion, and they are. Here's the output of tcpdmatch for instance:
> 
> loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng 
> oberlin.cems.umn.edu
> 
> warning: syslog-ng: no such process name in /etc/inetd.conf
> client:   hostname oberlin.cems.umn.edu
> client:   address  134.84.165.104
> server:   process  syslog-ng
> matched:  /etc/hosts.allow line 25
> option:   DENY
> access:   denied
> 
> Line 25 is the ALL: ALL : DENY
> 
> loki:root(~/syslog-ng/syslog-ng-1.6.0rc3)# tcpdmatch syslog-ng 
> mozart.cems.umn.edu
> warning: syslog-ng: no such process name in /etc/inetd.conf
> client:   hostname mozart.cems.umn.edu
> client:   address  134.84.164.249
> server:   process  syslog-ng
> matched:  /etc/hosts.allow line 20
> option:   ALLOW
> access:   granted
> 
> Line 20 is the syslog-ng: etc... line
> 
> I have also used strace and truss on the syslog-ng binary and discovered that 
> it is successfully making a call to the libwrap library, but it doesn't read 
> hosts.allow/hosts.deny (I'm not sure if it's supposed to or not).
> 
> As far as how I have syslog-ng set up, I have it running on the default udp 
> port, 514, bound to a specific ip which is not the main ip of the machine, 
> but set up as a virtual interface; in Linux it would be known as eth0:0, BSD 
> just regards it as a second ip. Syslog-ng itself functions perfectly, 
> accepting remote connections and the whole nine yards, it just simply refuses 
> to work with tcp wrappers.

The TCP wrapper code has been contributed and I do not use it myself.
Checking the source it seems that it is applied to TCP based connections
only. I don't know, however, how it would behave if it were applied to
each incoming UDP packet (as they might each have a different source IP),
though the results could be cached, but there's no such code in place.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
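Added example (not syslog-ng's or libwrap's code) illustrating the point of the reply: a toy hosts.allow evaluator with hosts_ctl(3)-style semantics, applied to every UDP datagram with a per-source result cache so one reverse lookup serves all packets from that source. The rules, the PTR table and the datagrams are constructed for the demo; the hostnames and addresses reuse those quoted in the post.

```python
# Added example, not syslog-ng's or libwrap's code: a toy evaluator with the
# semantics of hosts_ctl(3) (first matching rule wins, no match = granted),
# applied per UDP datagram with a per-source cache. Rules, PTR table and
# datagrams are constructed for the demo.
RULES = [  # (daemon, clients, action); "ALL" is the wildcard
    ("syslog-ng", {"mozart.cems.umn.edu", "draco.cems.umn.edu"}, "ALLOW"),
    ("ALL", "ALL", "DENY"),
]
PTR = {  # stand-in for gethostbyaddr(); IPs/names as quoted in the post
    "134.84.164.249": "mozart.cems.umn.edu",
    "134.84.165.104": "oberlin.cems.umn.edu",
}
LOOKUPS = {"count": 0}  # resolver calls, so the cache effect is observable

def resolve(src_ip):
    LOOKUPS["count"] += 1
    return PTR.get(src_ip, "unknown")

def hosts_access(daemon, src_ip):
    """True if the rules let `daemon` accept traffic from `src_ip`."""
    client = resolve(src_ip)
    for rule_daemon, clients, action in RULES:
        if rule_daemon not in ("ALL", daemon):
            continue
        if clients == "ALL" or client in clients:
            return action == "ALLOW"
    return True  # tcpd default when nothing matches

def filter_datagrams(daemon, datagrams):
    """A TCP listener checks once per accept(); UDP has no connection, so
    every datagram's source is checked, with one lookup per distinct source."""
    decision, accepted = {}, []
    for src_ip, payload in datagrams:
        if src_ip not in decision:
            decision[src_ip] = hosts_access(daemon, src_ip)
        if decision[src_ip]:
            accepted.append(payload)
    return accepted

DATAGRAMS = [  # constructed: three from an allowed host, two from a denied one
    ("134.84.164.249", "<13>sshd: login ok"),
    ("134.84.165.104", "<13>unwanted"),
    ("134.84.164.249", "<13>cron: job done"),
    ("134.84.165.104", "<13>unwanted again"),
    ("134.84.164.249", "<13>kernel: up"),
]
```

A UDP source address is unauthenticated and easily forged, so a per-datagram wrapper check reduces noise from unexpected senders but is not an access control on its own.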