[syslog-ng] Starting syslog-ng as root

Pe5kyTac0 peskytaco at speedband.com
Mon May 29 18:22:38 CEST 2006


>Do you think it is better to run syslog-ng with or without SELinux

Consider the following:

1) SELinux's goal is to contain the attacker in the case of a compromise.
2) SELinux takes a lot of work to set up. Since you are also adding both
MySQL and PHP-syslog-ng it will take even more work.
3) Once you have it set up, do you have a way to easily rebuild the same
configuration if needed?

Hence consider the following formula.

better = ("level of effort" (1-10)/"ease of rebuild"(1-10)) * "time
available"(estimated hours) / "estimated risk of compromise"(1-10) *
"required level of risk aversion (include legal requirements)"(1-10)*
"Risk of position in case of attack"(1-10)

Hence if you have the time to learn SELinux and have high
requirements to contain any successful attacks, then SELinux is better.

If you don't have a lot of time and don't have high requirements and
can easily rebuild the system if it's compromised then don't worry about
SELinux.

Hence "better" is all about your risks and the tradeoffs you need to make.


-- 
Pe5ky Tac0
--------------
Yum, Fish Tacos !!


Muath Al Khalaf wrote:
> Thank you very much. I have disabled SELinux and every thing goes fine. Do you think it is better to run syslog-ng with or without SELinux especially that I may use MySQL and PHP-syslog-ng?
> 
> Kind regards
> 
>  
> 
> -----Original Message-----
> From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Jose Pedro Oliveira
> Sent: Saturday, May 27, 2006 6:59 PM
> To: Syslog-ng users' and developers' mailing list
> Subject: Re: [syslog-ng] Starting syslog-ng as root
> 
> Muath Al Khalaf wrote:
> 
>>>Hi,
>>>I am using Redhat Enterprise 4. I am using the official rpm image built
>>>by Balabit for RHE 4 with their startup script. The executable did not
>>>return anything (at least in front of me inside console). For strace I
>>>do not know how to use it.
> 
> 
> You may be having problems with SELinux.  In RHEL4, CentOS, and Fedora
> Core 3 you need to enable the use_syslogng SELinux boolean before
> starting the syslog-ng daemon [1].
> 
> To check the use_syslogng boolean status
> 
>   getsebool -a | grep syslogng
> 
> To enable it (and save its value)
> 
>   setsebool -P use_syslogng 1
> 
> 
> jpo
> 
> [1] - you need to have a recent selinux-policy-targeted
> --
> José Pedro Oliveira
> * mailto: jpo at di.uminho.pt * http://gsd.di.uminho.pt/jpo *
> * gpg fingerprint = F9B6 8D87 859D 1C94 48F0 84C0 9749 9EB5 91BD 851B *
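As an added example, not part of this thread or of the syslog-ng project, the check-and-enable step from the quoted reply written as a small POSIX shell script. It parses `getsebool -a` output and reports whether `setsebool -P use_syslogng 1` is still needed, or whether the boolean is missing from the loaded policy altogether (the case the footnote about a recent selinux-policy-targeted refers to). A constructed sample of getsebool output is embedded so the script runs on a machine without SELinux tooling; the function names are my own.

```shell
#!/bin/sh
# Added example: inspect an SELinux boolean the way the quoted reply does
# (getsebool to check, setsebool -P to enable persistently), with parsing
# split into functions so the decision logic can be exercised offline.

# Parse one getsebool output line such as "use_syslogng --> off" and print
# "on", "off", or "unknown" for anything that does not look like a boolean.
bool_state_from_line() {
    case "$1" in
        *' --> on')  echo on ;;
        *' --> off') echo off ;;
        *)           echo unknown ;;
    esac
}

# Read full "getsebool -a" output on stdin and print the state of the named
# boolean; "unknown" means the policy does not define it at all.
bool_state() {
    name=$1
    state=unknown
    while IFS= read -r line; do
        case "$line" in
            "$name --> "*) state=$(bool_state_from_line "$line") ;;
        esac
    done
    echo "$state"
}

# Print the remediation for a boolean in the given state: "none" when it is
# already on, the persistent setsebool command when it is off, and a hint
# about the policy package when the boolean is not present.
remediation() {
    name=$1
    state=$2
    case "$state" in
        on)  echo none ;;
        off) echo "setsebool -P $name 1" ;;
        *)   echo "boolean $name not in loaded policy; install a recent selinux-policy-targeted" ;;
    esac
}

# Constructed sample standing in for a real "getsebool -a" run on RHEL4.
SAMPLE='allow_execmem --> on
use_syslogng --> off
httpd_can_network_connect --> off'

main() {
    if command -v getsebool >/dev/null 2>&1; then
        out=$(getsebool -a)
    else
        out=$SAMPLE   # no SELinux tools here: fall back to the constructed sample
    fi
    st=$(printf '%s\n' "$out" | bool_state use_syslogng)
    echo "use_syslogng is $st"
    echo "action: $(remediation use_syslogng "$st")"
}

main
```

Run it as root on the syslog host before starting the daemon; if it prints the setsebool command, running that command once is enough, since `-P` writes the value into the policy store so it survives a reboot.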

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html