[syslog-ng] Syslog-ng not working with tcp_wrappers
w3euu
w3euu at arrl.net
Fri Mar 13 16:30:51 CET 2009
-----Original Message-----
From: Liam Kirsher [mailto:liamk at numenet.com]
Sent: Thursday, March 12, 2009 4:41 PM
To: syslog-ng at lists.balabit.hu
Subject: [syslog-ng] Syslog-ng not working with tcp_wrappers
Syslog-ng doesn't seem to be respecting tcp_wrappers security.
I compiled syslog-ng (v. 3) with
$ ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper --
enable-sql --enable-dynamic-linking
Although, I do notice this warning in config.log:
configure:7282: gcc -o conftest -g -O2 -Wall conftest.c -lwrap >&5
conftest.c: In function 'main':
conftest.c:43: warning: control reaches end of non-void function
configure:7288: $? = 0
configure:7309: result: -lwrap
However, the compile is successful.
My hosts.allow file is:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd: ALL
#syslog-ng: localhost, p3.mydomain.com, p4.mydomain.com
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
ALL: ALL
Note that the syslog-ng process is commented out, but syslog-ng still
works. Apparently, it's not checking the hosts.* files.
Any idea ?
Liam
You need to get rid of the ALL: ALL line which allows everything from
everywhere.
______________________________________________________________________________
This email has been scanned at wxwatcher.com and is believed to be virus free.
More information about the syslog-ng
mailing list