[syslog-ng] TCP Wrappers
Mike
mike at jeke.fdns.net
Wed Jul 9 18:33:43 CEST 2008
On Wed, 9 Jul 2008, Balazs Scheidler wrote:
> On Wed, 2008-07-09 at 09:57 -0400, Mike wrote:
>> hello all,
>>
>> it seems that TCP Wrappers can be enabled by default when compiling
>> syslog-ng 2.0.9, despite what the documentation says.
>>
>> From what I can see, the configure script looks for the existance of
>> the libwrap libraries, and if they exist it will enable support (added in
>> syslog-ng 2.0.3).
>>
>> would it be possible to either update the documents to mention that
>> libwrap is not disabled by default, or maybe make it so you do actually
>> have to manually enable libwrap?
>>
>> (compiling on RedHat ES4, which has the libwrap devel libraries)
>
> What's wrong with enabling tcp wrappers by default?
>
enabling by default is OK, it would just be nice if the docs were
updated to reflect this.
(the INSTALL file, and
http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/compiling/
say "--enable-tcp-wrapper Enable using /etc/hosts.deny and
/etc/hosts.allow for TCP access (disabled by default).")
when compiling it does print out that it is enabling TCP Wrappers with
this line:
checking whether to enable TCP wrapper support... yes
but I completely missed it when it scrolled by.
the only reason I bring it up is because I recently moved from 1.6.x to
2.0.9, and on the vast majority of my machines this upgrade went smoothly,
but I did have problems on those with TCP Wrappers enabled because it did
not even occour to me to watch for this.
maybe changing the option from --enable-tcp-wrapper to
--disable-tcp-wrapper would be good, so people could have a way disable it
with out having to hand modify some compile scripts.
cheers,
Mike
More information about the syslog-ng
mailing list