[syslog-ng] Compiling syslog-ng 3.01 on CentOS 5.2
Balazs Scheidler
bazsi at balabit.hu
Sun Feb 15 10:01:41 CET 2009
On Fri, 2009-02-13 at 13:52 -0800, Liam Kirsher wrote:
> Hi --
>
> Just thought this might be useful to someone who is compiling on
> CentOS. There were a few minor issues that came up, but otherwise it
> went pretty smoothly.
>
> Documentation says to use this --
> PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:$PKG_CONFIG_PATH
> However, using that I ended up with a colon at the end, which didn't
> work, and which I didn't catch immediately...
> PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:
> Also, I needed to export --
> export PKG_CONFIG_PATH
> Maybe it could be
> export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib/pkgconfig
>
> I did have to install newer versions of libdbi and libdbi-drivers, from
> http://libdbi.sourceforge.net/
> For libdbi-drivers, remember to specify which ones you want during
> configuration: ./configure --with-pgsql
>
> After that, this worked:
> LIBDBI_CFLAGS=-I/usr/local/include LIBDBI_LIBS="-L/usr/local/lib -ldbi"
> ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper
> --enable-sql --enable-dynamic-linking
> (Make sure to link with libs/dirs for my newly installed libdbi which
> were in /usr/local/include and /usr/local/lib, not the system default
> ones if they were already installed.)
>
> Note that this installs the executables in the default location, which
> is /usr/local, but looks for the configuration file in the standard
> place, /etc/syslog-ng/.
> I adjusted the /etc/init.d/syslog-ng file so it would use the executable
> in /usr/local/sbin:
> exec="/usr/local/sbin/syslog-ng"
>
> Also, I needed to run ldconfig so that syslog-ng would find
> libevtlog.so.0 in /usr/local/lib.
>
> At that point, I was able to start using the previous (v. 1.6)
> configuration file, albeit with warnings.
>
> This is a Linux system, and initially I added --enable-linux-caps to the
> configure line, although I wasn't sure what that would do. I got an
> error and so, removed it. What exactly are linux-caps? Should I go
> back and try to re-compile with that option?
This enables support for Linux capabilities. It is a means to restrict
'root' privileges to the minimum subset.
Here is a list of articles that seem to explain what it is, found with a
quick Google search:
http://www.linuxjournal.com/article/5737
http://linux.die.net/man/7/capabilities
The point is that syslog-ng drops all unnecessary capabilities during
its operation. And the ones it keeps are not in effect during normal
operation; they are enabled when it strictly needs them.
A further step in securing syslog-ng is to use a non-root user. With
capability support it is possible to initialize the configuration that
requires root-level access, even when running syslog-ng as non-root.
However, the --user/--group option is currently broken in 3.0.1, but it is
already fixed in the git repository.
--
Bazsi
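
Whether a running daemon matches the behaviour described in the reply above (a reduced permitted set, with the kept capabilities outside the effective set until needed) can be read from the CapPrm, CapEff and CapBnd lines of /proc/<pid>/status. The script below is an added example, not part of the original thread or of syslog-ng; its function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a process's capability sets from /proc/<pid>/status.
# Bit numbers follow linux/capability.h (bit 0 = CAP_CHOWN).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw
ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct
sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm
block_suspend audit_read perfmon bpf checkpoint_restore"

# cap_field FILE FIELD: print the hex mask for FIELD (CapPrm, CapEff, CapBnd).
cap_field() { awk -v f="$2:" '$1 == f { print $2 }' "$1"; }

# decode_caps HEXMASK: print the names of the bits set in HEXMASK.
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            out="${out:+$out }cap_$name"
        fi
        bit=$((bit + 1))
    done
    printf '%s\n' "$out"
}

# cap_posture FILE: "none" (no permitted capabilities), "full" (permitted
# equals the bounding set, nothing was dropped) or "reduced".
cap_posture() {
    prm=$(cap_field "$1" CapPrm); bnd=$(cap_field "$1" CapBnd)
    if [ $((0x$prm)) -eq 0 ]; then echo none
    elif [ $((0x$prm)) -eq $((0x$bnd)) ]; then echo full
    else echo reduced; fi
}

# dormant_caps FILE: capabilities that are permitted but not currently effective.
dormant_caps() {
    prm=$(cap_field "$1" CapPrm); eff=$(cap_field "$1" CapEff)
    decode_caps "$(printf '%x' $(( 0x$prm & ~0x$eff )))"
}

# With a PID argument, report on that process; otherwise on a constructed sample.
status=/proc/${1:-}/status
if [ -z "${1:-}" ]; then
    status=$(mktemp)
    printf 'CapPrm:\t0000000000000406\nCapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\n' > "$status"
fi
echo "posture:   $(cap_posture "$status")"
echo "effective: $(decode_caps "$(cap_field "$status" CapEff)")"
echo "dormant:   $(dormant_caps "$status")"
[ -n "${1:-}" ] || rm -f "$status"
```

A "full" posture on a root-owned daemon means no capabilities were dropped; "reduced" with a non-empty dormant list is the pattern the reply describes.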