[syslog-ng] Syslog-ng not working with tcp_wrappers

Liam Kirsher liamk at numenet.com
Thu Mar 12 21:40:35 CET 2009


Syslog-ng doesn't seem to be respecting tcp_wrappers security.

I compiled syslog-ng (v. 3) with
$ ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper -- 
enable-sql --enable-dynamic-linking

Although, I do notice this warning in config.log:
configure:7282: gcc -o conftest -g -O2 -Wall   conftest.c  -lwrap >&5
conftest.c: In function 'main':
conftest.c:43: warning: control reaches end of non-void function
configure:7288: $? = 0
configure:7309: result: -lwrap

However, the compile is successful.


My hosts.allow file is:
#
# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
sshd: ALL
#syslog-ng: localhost, p3.mydomain.com, p4.mydomain.com

#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
ALL: ALL

Note that the syslog-ng process is commented out, but syslog-ng still  
works.  Apparently, it's not checking the hosts.* files.

Any idea ?

Liam


More information about the syslog-ng mailing list