[syslog-ng]syslog-ng 1.6.4 and tcp_wrappers

Amaral, Angelo syslog-ng@lists.balabit.hu
Tue, 27 Jul 2004 13:29:43 -0300


Ted

I looked in my configuration:

$ strings /usr/lib/libwrap.a | grep twist
twist
twist %s to %s
twist_option: dup: %m
twist_option: /bin/sh: %m
twist option in resident process
twist_option

But in my Linux Redhat 3.1AS, tcpwrappers don't work.
Please, can you help me?

Thanks,
Angelo Amaral

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu]On Behalf Of Rule, Ted
Sent: Tuesday, 27 July 2004 10:00
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng]syslog-ng 1.6.4 and tcp_wrappers


An odd thing showed up on some of my Solaris boxes the other day, which might be pertinent.

Does the libwrap library definitely support :deny in the allow file? This is dependent on the library's compile time options, but may be checked with
strings libwrap.so | grep twist

For :deny support to exist in the library, there must be references to twist in the library.

e.g.:

$ strings /usr/lib/libwrap.a | grep twist
twist
twist option in resident process
twist %s to %s
twist_option: dup: %m
twist_option: /bin/sh: %m
twist_option
$

If there are no twist references, :deny can't be used in /etc/hosts.allow, but it's much worse than that.
If :deny appears in the allow file on a twistless library, the library interprets /etc/hosts.allow as if you'd said :allow.

Ouch.

It all boils down to use of -DPROCESS_OPTIONS at library compile time.



Ted


> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Amaral, Angelo
> Sent: Tuesday July 27 2004 13:49
> To: syslog-ng@lists.balabit.hu
> Subject: RE: [syslog-ng]syslog-ng 1.6.4 and tcp_wrappers
>
> Thanks, Musashino-shi.
>
> But, I don't make syslog-ng work with tcpwrappers.
>
> **********************************************************************
> I show how I compile my syslog-ng:
>
> 1- Install libnet (libnet-1.1.2.1-2.fc2.i386.rpm) in my linux RedHat 3.1AS.
>
> 2- Compile syslog-ng:
> # ./configure  --enable-tcp-wrapper --enable-spoof-source
> loading cache ./config.cache
> checking for a BSD compatible install... (cached) /usr/bin/install -c
> checking whether build environment is sane... yes
> checking whether make sets ${MAKE}... (cached) yes
> checking for working aclocal-1.4... found
> checking for working autoconf... found
> checking for working automake-1.4... found
> checking for working autoheader... found
> checking for working makeinfo... found
> checking whether build environment is sane... yes
> checking for gcc... (cached) gcc
> checking whether the C compiler (gcc  ) works... yes
> checking whether the C compiler (gcc  ) is a cross-compiler... no
> checking whether we are using GNU C... (cached) yes
> checking whether gcc accepts -g... (cached) yes
> checking for gcc option to accept ANSI C... (cached) none needed
> checking for bison... (cached) bison -y
> checking how to run the C preprocessor... (cached) gcc -E
> checking for flex... (cached) flex
> checking for flex... (cached) flex
> checking for yywrap in -lfl... (cached) yes
> checking lex output file root... (cached) lex.yy
> checking whether yytext is a pointer... (cached) yes
> checking whether make sets ${MAKE}... (cached) yes
> checking for ANSI C header files... (cached) yes
> checking for malloc.h... (cached) yes
> checking for unistd.h... (cached) yes
> checking for door.h... (cached) no
> checking for stropts.h... (cached) yes
> checking for sys/strlog.h... (cached) no
> checking for stdarg.h... (cached) yes
> checking for sys/klog.h... (cached) yes
> checking for arpa/nameser.h... (cached) yes
> checking for tcpd.h... (cached) yes
> checking for working const... (cached) yes
> checking whether time.h and sys/time.h may both be included... (cached) yes
> checking for modern utmp... (cached) yes
> checking for global timezone variable... (cached) yes
> checking size of short... (cached) 2
> checking size of int... (cached) 4
> checking size of long... (cached) 4
> checking for I_CONSLOG... (cached) no
> checking for O_LARGEFILE... (cached) yes
> checking for res_init in <resolv.h>... (cached) yes
> checking for working alloca.h... (cached) yes
> checking for alloca... (cached) yes
> checking for vprintf... (cached) yes
> checking for res_init in -lresolv... (cached) no
> checking for __res_init in -lresolv... (cached) yes
> checking for door_create in -ldoor... (cached) no
> checking for socket in -lsocket... (cached) no
> checking for gethostbyname in -lnsl... (cached) yes
> checking for select... (cached) yes
> checking for snprintf... (cached) yes
> checking for vsnprintf... (cached) yes
> checking for strerror... (cached) yes
> checking for inet_aton... (cached) yes
> checking for strncpy... (cached) yes
> checking for getutent... (cached) yes
> checking for getopt_long... (cached) yes
> checking for strcasecmp... (cached) yes
> checking for strptime... (cached) yes
> checking for TCP wrapper library... (cached) -lwrap
> checking whether to enable Sun STREAMS support... no
> checking whether to enable Sun door support... no
> checking whether to enable TCP wrapper support... yes
> checking whether to enable spoof_source support... yes
> checking libol version >= 0.3.13... ok
> creating ./config.status
> creating Makefile
> creating src/Makefile
> creating src/tests/Makefile
> creating doc/Makefile
> creating doc/sgml/Makefile
> creating contrib/Makefile
> creating syslog-ng.spec
> creating src/config.h
> src/config.h is unchanged
>
> 3- Look ldd:
> # ldd /usr/local/sbin/syslog-ng
>         libnsl.so.1 => /lib/libnsl.so.1 (0xb75c7000)
>         libresolv.so.2 => /lib/libresolv.so.2 (0xb75b5000)
>         libwrap.so.0 => /usr/lib/libwrap.so.0 (0xb75ac000)
>         libc.so.6 => /lib/tls/libc.so.6 (0xb7475000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb75eb000)
>
> **********************************************************************
>
> And the configuration continues not working.
> Could you help me, please?
>
> Thanks.
>
> Angelo Amaral
>
> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of michihito matsubara
> Sent: Saturday, 24 July 2004 00:01
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]syslog-ng 1.6.4 and tcp_wrappers
>
> Angelo
>
> On Thu, 22 Jul 2004 11:10:40 -0300
> Subject: RE: [syslog-ng]syslog-ng 1.6.4 and tcp_wrappers
> "Amaral, Angelo" <angelo.amaral@hp.com> wrote:
>
> Another scenario.
> Have you ever run ldd against syslog-ng itself?
> This will show whether syslog-ng is linked against the libwrap library or not.
>
> On my Linux box,
>
> $ ldd /sbin/syslog-ng
>         libnsl.so.1 => /lib/libnsl.so.1 (0x40020000)
>         libresolv.so.2 => /lib/libresolv.so.2 (0x40034000)
>         libwrap.so.0 => /usr/lib/libwrap.so.0 (0x40044000)
>         libnet.so.2 => /usr/lib/libnet1/libnet.so.2 (0x4004c000)
>         libc.so.6 => /lib/libc.so.6 (0x4005e000)
>         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
>
> And, on my FreeBSD box,
>
> % ldd /usr/local/sbin/syslog-ng
> /usr/local/sbin/syslog-ng:
>         libwrap.so.3 => /usr/lib/libwrap.so.3 (0x2807c000)
>         libc.so.4 => /usr/lib/libc.so.4 (0x28084000)
>
> HTH
> mitch
>
> > Andrew,
> >
> > I put in my system, the hosts.allow below:
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > # hosts.allow   This file describes the names of the hosts which are
> > #               allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> >
> > in.tftpd:       ALL     :allow
> > sshd:           ALL     :allow
> > ALL:            ALL     :deny
> >
> > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> > And the configuration continues not working.
> > Could you help me, please?
> >
> > Thanks.
>
> --
> Musashino-shi, Tokyo, Japan
> K12LTSP in Japanese ; http://open-mitch.dyndns.org/k12ltsp/
>=20
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html



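The check Ted describes, written out as an added example that is not part of the original thread: it looks for twist references in the library and, when there are none, lists the :deny rules in hosts.allow that the thread says would be read as :allow. The function names and the sample files are constructed for illustration, and `grep -a` stands in for `strings | grep`.

```shell
#!/bin/sh
# Added example, not from the thread: check libwrap and hosts.allow together.

# Exit 0 if the library carries "twist" references (built with
# -DPROCESS_OPTIONS). grep -a scans the binary like `strings | grep twist`.
has_process_options() {
    grep -a -q twist "$1"
}

# Print "<line>: <rule>" for every active rule whose last field is deny.
# Simplification: backslash-continued rules are not joined.
deny_rules() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { n = split($0, f, ":"); opt = tolower(f[n]); gsub(/[ \t\r]/, "", opt)
           if (n >= 3 && opt == "deny") printf "%d: %s\n", NR, $0 }' "$1"
}

# Return 1 when :deny rules meet a library without twist references, else 0.
audit_wrappers() {
    lib=$1
    rules=$2
    if has_process_options "$lib"; then
        echo "ok: $lib has twist references"
        return 0
    fi
    found=$(deny_rules "$rules")
    if [ -z "$found" ]; then
        echo "ok: no :deny options in $rules"
        return 0
    fi
    echo "RISK: $lib has no twist references, but $rules relies on :deny"
    echo "$found"
    return 1
}

# Constructed sample data: two stand-in "libraries" plus the thread's rules.
make_samples() {
    printf 'ELF\001twist_option\001twist %%s to %%s\001' > "$1/libwrap_options.a"
    printf 'ELF\001hosts_access\001eval_client\001' > "$1/libwrap_plain.a"
    printf '%s\n' '# hosts.allow' 'in.tftpd:       ALL     :allow' \
        'sshd:           ALL     :allow' 'ALL:            ALL     :deny' \
        > "$1/hosts.allow"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_wrappers "$demo_dir/libwrap_options.a" "$demo_dir/hosts.allow"
audit_wrappers "$demo_dir/libwrap_plain.a" "$demo_dir/hosts.allow" || echo "status: $?"
rm -rf "$demo_dir"
```

On a real host the same call would be `audit_wrappers /usr/lib/libwrap.a /etc/hosts.allow`, using the paths mentioned in the thread.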