[syslog-ng] prevent syslog-ng to collect syslogd messages
Matthew Hall
mhall at mhcomputing.net
Tue Jul 27 18:29:33 CEST 2010
On Tue, Jul 27, 2010 at 10:34:58AM +0200, Hoenig, Stefan, VF-Group wrote:
> Hi Guys,
Hello Stefan,
> we use syslog-ng to collect application logs and still use the
> standard syslogd for system logging.
> The problem is that we want to prevent that they can also configure
> system logging sources in their config like "/proc/kmsg" or "dev/log"
> on Linux. Is there a possibility to overwrite such sources in the
> global config or better a global parameter that avoids such
> configurations?
I ran into a similar situation in my environment. I wanted a testing
daemon which ran separately from the main one so that I could make a lot
of changes without causing outages. I noticed it's possible to run a
daemon (in your case it would be the application's daemon) as a non-root
user as long as you do not try to open the log devices (which you want
to prevent anyway) and bind it to sockets on ports >= 1024.
If that's not enough you could experiment with capabilities (man
capabilities) using getcap and setcap commands. It's possible to give a
process on a recent Linux or UNIX some root privileges without giving it
everything. This can be used, for example, to allow it to bind sockets,
without allowing it to do all the unwanted things. SELinux, etc. could
also be used to provide similar advantages.
> With best regards / Kind regards
> Stefan Hoenig
Best regards,
Matthew.
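
An added example, not part of the original post: a pre-deployment check in Python that rejects an application team's syslog-ng config if a source statement opens the system log sources named in the question or listens on a port below 1024. It goes beyond what the reply proposes and complements running the daemon as a non-root user; the sample config, its source names and the `audit` helper are constructed for illustration.

```python
import re

SYSTEM_PATHS = {"/proc/kmsg", "/dev/log"}   # sources named in the question
PATH_DRIVERS = r"\b(file|pipe|unix-stream|unix-dgram)"
NET_DRIVERS = r"\b(tcp6?|udp6?)"

def strip_comments(text):
    """Remove '#' comments while leaving double-quoted strings intact."""
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", text)

def balanced(text, start, opener, closer):
    """Return the text from `start` up to the closer matching an already-open opener."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += (text[i] == opener) - (text[i] == closer)
        i += 1
    return text[start:i - 1]

def audit(config_text):
    """Return sorted (source_name, driver, reason) findings for one config."""
    text, findings = strip_comments(config_text), set()
    for src in re.finditer(r"\bsource\s+([\w.-]+)\s*\{", text):
        name, body = src.group(1), balanced(text, src.end(), "{", "}")
        for drv, path in re.findall(PATH_DRIVERS + r'\s*\(\s*"([^"]+)"', body):
            if path in SYSTEM_PATHS:
                findings.add((name, drv, "system log source " + path))
        for net in re.finditer(NET_DRIVERS + r"\s*\(", body):
            args = balanced(body, net.end(), "(", ")")
            port = re.search(r"port\s*\(\s*(\d+)\s*\)", args)
            if port is None:
                # Without port() the driver uses its default (514), a privileged port.
                findings.add((name, net.group(1), "no explicit port"))
            elif int(port.group(1)) < 1024:
                findings.add((name, net.group(1), "privileged port " + port.group(1)))
    return sorted(findings)

# Constructed sample config for an application instance (not from the thread).
SAMPLE = '''
source s_app   { file("/var/log/myapp/app.log"); tcp(ip(0.0.0.0) port(5514)); };
# source s_old { unix-stream("/dev/log"); };   commented out, must not be reported
source s_kern  { file("/proc/kmsg"); };
source s_local { unix-dgram("/dev/log"); udp(ip(0.0.0.0) port(514)); };
source s_net   { udp(); };
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REJECT %s: %s -> %s" % finding)
```

A check like this only inspects the text of the config; the non-root user and capability limits described in the reply are what actually stop the daemon from opening those devices.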