[syslog-ng] Compiled 3.0.3 on CentOS 5.3 with spoof source - not working

Scott Ware scottdware at gmail.com
Tue Jul 21 12:35:51 CEST 2009


Here is the output that I get from running "strace" (note that it traces only the parent process: it ends with the clone() that forks the daemon and the parent's exit_group(), so the forked child was not followed):

execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 22
vars */]) = 0
brk(0)                                  = 0x8814000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=41643, ...}) = 0
mmap2(NULL, 41643, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f70000
close(3)                                = 0
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\10\215\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=44060, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f6f000
mmap2(0x8cf000, 33324, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x8cf000
mmap2(0x8d6000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0x8d6000
close(3)                                = 0
open("/lib/libnsl.so.1", O_RDONLY)      = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0
\361\335\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=101404, ...}) = 0
mmap2(0xddc000, 92104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0xddc000
mmap2(0xdef000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xdef000
mmap2(0xdf1000, 6088, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xdf1000
close(3)                                = 0
open("/lib/libglib-2.0.so.0", O_RDONLY) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`m\216\0004\0\0\0"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=644472, ...}) = 0
mmap2(0x8da000, 646636, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x8da000
mmap2(0x977000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9c) = 0x977000
close(3)                                = 0
open("/usr/lib/libevtlog.so.0", O_RDONLY) = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\17\0\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=12044, ...}) = 0
mmap2(NULL, 14988, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb2b000
mmap2(0xb2e000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2) = 0xb2e000
close(3)                                = 0
open("/lib/libwrap.so.0", O_RDONLY)     = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300=\207\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32824, ...}) = 0
mmap2(0x872000, 32188, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x872000
mmap2(0x879000, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x879000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\37t\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1606808, ...}) = 0
mmap2(0x72c000, 1324452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x72c000
mmap2(0x86a000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0x86a000
mmap2(0x86d000, 9636, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x86d000
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3,
"\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000X\212\0004\0\0\0"...,
512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=125612, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f6e000
mmap2(0x8a1000, 90592, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)
= 0x8a1000
mmap2(0x8b4000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0x8b4000
mmap2(0x8b6000, 4576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8b6000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f6d000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7f6d6c0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
mprotect(0x8b4000, 4096, PROT_READ)     = 0
mprotect(0x86a000, 8192, PROT_READ)     = 0
mprotect(0xdef000, 4096, PROT_READ)     = 0
mprotect(0x8d6000, 4096, PROT_READ)     = 0
mprotect(0x723000, 4096, PROT_READ)     = 0
munmap(0xb7f70000, 41643)               = 0
set_tid_address(0xb7f6d708)             = 16916
set_robust_list(0xb7f6d710, 0xc)        = 0
futex(0xbfb87584, FUTEX_WAKE_PRIVATE, 1) = 0
rt_sigaction(SIGRTMIN, {0x8a53d0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x8a52e0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=10240*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="L0982iappv0100.ius.meijer.com", ...}) = 0
brk(0)                                  = 0x8814000
brk(0x8835000)                          = 0x8835000
gettimeofday({1248172733, 541317}, NULL) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...})
= 0
ioctl(0, TIOCNOTTY)                     = 0
setsid()                                = 16916
setrlimit(RLIMIT_NOFILE, {rlim_cur=4*1024, rlim_max=4*1024}) = 0
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7f6d708) = 16917
close(4)                                = 0
read(3, "0\n", 6)                       = 2
close(3)                                = 0
exit_group(0)                           = ?


On Tue, Jul 21, 2009 at 5:04 AM, Balazs Scheidler <bazsi at balabit.hu> wrote:

> On Sun, 2009-07-19 at 12:10 -0400, Scott Ware wrote:
> > I have SELinux disabled, and I am running it as root.
> >
>
> then please run strace on the syslog-ng process to see why it gets
> permission denied problems.
>
>
> > On Thu, Jul 16, 2009 at 6:13 PM, Balazs Scheidler <bazsi at balabit.hu>
> > wrote:
> >
> >         On Tue, 2009-07-14 at 08:30 -0400, Scott Ware wrote:
> >         > So, I compiled Syslog-ng with the --enable-spoof-source
> >         option, and
> >         > everything installed fine. However, when I have the
> >         spoof_source(yes)
> >         > option in the config file, nothing gets re-directed to my
> >         logging
> >         > destination.
> >         >
> >         > If I take the option out, everything gets re-directed. Can
> >         you
> >         > possibly help me? Thanks!
> >
> >
> >         hmm.. does syslog-ng have the necessary permissions? SELinux
> >         comes to my
> >         mind.
>
> >
> --
> Bazsi
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>

