[syslog-ng] TCP Wrappers

Balazs Scheidler bazsi at balabit.hu
Fri Jul 11 11:59:02 CEST 2008


On Wed, 2008-07-09 at 12:33 -0400, Mike wrote:
> 
> On Wed, 9 Jul 2008, Balazs Scheidler wrote:
> 
> > On Wed, 2008-07-09 at 09:57 -0400, Mike wrote:
> >> hello all,
> >>
> >> it seems that TCP Wrappers can be enabled by default when compiling
> >> syslog-ng 2.0.9, despite what the documentation says.
> >>
> >> From what I can see, the configure script looks for the existence of
> >> the libwrap libraries, and if they exist it will enable support (added in
> >> syslog-ng 2.0.3).
> >>
> >> would it be possible to either update the documents to mention that
> >> libwrap is not disabled by default, or maybe make it so you do actually
> >> have to manually enable libwrap?
> >>
> >> (compiling on RedHat ES4, which has the libwrap devel libraries)
> >
> > What's wrong with enabling tcp wrappers by default?
> >
> 
> enabling by default is OK, it would just be nice if the docs were 
> updated to reflect this.
> (the INSTALL file, and 
> http://www.balabit.com/network-security/syslog-ng/opensource-logging-system/compiling/ 
> say "--enable-tcp-wrapper Enable using /etc/hosts.deny and 
> /etc/hosts.allow for TCP access (disabled by default).")
> 
> when compiling it does print out that it is enabling TCP Wrappers with 
> this line:
> checking whether to enable TCP wrapper support... yes
> 
> but I completely missed it when it scrolled by.
> 
> the only reason I bring it up is because I recently moved from 1.6.x to 
> 2.0.9, and on the vast majority of my machines this upgrade went smoothly, 
> but I did have problems on those with TCP Wrappers enabled because it did 
> not even occur to me to watch for this.
> 
> 
> maybe changing the option from --enable-tcp-wrapper to 
> --disable-tcp-wrapper would be good, so people could have a way to disable it 
> without having to hand modify some compile scripts.

You can use all --enable options as --disable options, so
--disable-tcp-wrapper works.

The default is not to enable, but to autodetect it; supplying a
--disable-tcp-wrappers option will disable autodetection, but that's the
way all arguments work basically.

I'll let the documentation people know that this should be fixed.

-- 
Bazsi
