[syslog-ng] TCP Wrappers
Balazs Scheidler
bazsi at balabit.hu
Fri Jul 11 11:59:02 CEST 2008
On Wed, 2008-07-09 at 12:33 -0400, Mike wrote:
>
> On Wed, 9 Jul 2008, Balazs Scheidler wrote:
>
> > On Wed, 2008-07-09 at 09:57 -0400, Mike wrote:
> >> hello all,
> >>
> >> it seems that TCP Wrappers can be enabled by default when compiling
> >> syslog-ng 2.0.9, despite what the documentation says.
> >>
> >> From what I can see, the configure script looks for the existance of
> >> the libwrap libraries, and if they exist it will enable support (added in
> >> syslog-ng 2.0.3).
> >>
> >> would it be possible to either update the documents to mention that
> >> libwrap is not disabled by default, or maybe make it so you do actually
> >> have to manually enable libwrap?
> >>
> >> (compiling on RedHat ES4, which has the libwrap devel libraries)
> >
> > What's wrong with enabling tcp wrappers by default?
> >
>
> enabling by default is OK, it would just be nice if the docs were
> updated to reflect this.
> (the INSTALL file, and
> http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/compiling/
> say "--enable-tcp-wrapper Enable using /etc/hosts.deny and
> /etc/hosts.allow for TCP access (disabled by default).")
>
> when compiling it does print out that it is enabling TCP Wrappers with
> this line:
> checking whether to enable TCP wrapper support... yes
>
> but I completely missed it when it scrolled by.
>
> the only reason I bring it up is because I recently moved from 1.6.x to
> 2.0.9, and on the vast majority of my machines this upgrade went smoothly,
> but I did have problems on those with TCP Wrappers enabled because it did
> not even occour to me to watch for this.
>
>
> maybe changing the option from --enable-tcp-wrapper to
> --disable-tcp-wrapper would be good, so people could have a way disable it
> with out having to hand modify some compile scripts.
You can use all --enable options as --disable options, so
--disable-tcp-wrapper works.
The default is not to enable, but to autodetect it, supplying a
--disable-tcp-wrappers option will disable autodetection, but that's the
way all arguments work basically.
I'll let the documentation people know that this should be fixed.
--
Bazsi
More information about the syslog-ng
mailing list