[syslog-ng]FAQ-seeding: chroot jail procedure for Syslog-ng

Nate Campi syslog-ng@lists.balabit.hu
Mon, 17 Jan 2005 16:27:57 -0800 

Hello Mick,

If you have another version of this you'd like me to post, let me know.
I'm in a FAQ updating mood (I'm supposed to be writing my book so for
some reason this has my attention instead, man I'm lame).

On Mon, Aug 16, 2004 at 12:55:30PM -0500, Michael D. (Mick) Bauer wrote:
> Thanks! I'll post a revised procedure later this week -- replies
> have been trickling in.
> 
> Cheers,
> Mick
> 
> > On Sun, 15 Aug 2004 14:21:27 -0500 (CDT)
> > "Michael D. (Mick) Bauer" <darth.elmo@wiremonkeys.org> wrote:
> >
> >> So far I haven't noticed that anything else needs to be added to
> >> the chroot jail (e.g., stuff from /dev or /etc), but if anyone
> >> knows differently please speak up!
> >
> > Mick,
> >
> > It's been awhile since I last setup syslog-ng in a chroot jail,
> > but according to my notes I did the following on a recent Linux
> > box:
> >
> >   o copied the follow files to /path/to/chroot/lib:
> >
> >     libnss_dns.so.2
> >     libnss_files.so.2
> >     libresolv.so.2
> >     libnsl.so.2
> >     libc.so.6
> >     ld-linux.so.2
> >
> >     the first of which, being the one that seemed to actually be
> >     required for correct operation in my case.  I believe the
> > others were just referenced libraries, but not actually
> > called.
> >
> >   o copied the following to /path/to/chroot/etc
> >
> >     nsswitch.conf
> >     resolv.conf
> >     `grep syslogng passwd`
> >     `grep syslogng group`
> >
> >     the last two being whatever user/group you used to run
> > syslog-ng as.
> >
> > John
> > _______________________________________________
> > syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> > https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Frequently asked questions at
> > http://www.campin.net/syslog-ng/faq.html
> 
> 
> /-------------------------------------------------\
> | Michael D. (Mick) Bauer                         |
> | Security Editor, Linux Journal                  |
> | Dir. of Value-Subtracted Svcs., Wiremonkeys.org |
> \-------------------------------------------------/
> 
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 

-- 
Nate

God does not play dice.
            -- Einstein