syslog-ng and gradm

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

syslog-ng and gradm

Postby urug » Wed Jun 23, 2004 1:27 pm

Hello .
I have little problem with my syslog-ng .
I can't run syslog-ng, when gradm is enabled

I saw this error :
io.c: bind_unix_socket(): bind failed /dev/log (Permission denided)
...

Now i can run syslog-ng only when gradm is disabled .

Problem number 2
Gradm don't want to log to my syslog-ng :/

Can smbd help me ?
Regards, urug
urug
 
Posts: 13
Joined: Wed Jun 23, 2004 1:22 pm
Location: Poland

Postby Sleight of Mind » Wed Jun 23, 2004 5:23 pm

problem 1: you need to make sure syslog-ng has read access to /dev/log. Check your /etc/grsec/acl

problem 2: works fine here. I use (relevant entries):
Code: Select all
source src {
        unix-stream("/dev/log");
        internal();
        pipe("/proc/kmsg");
};
filter f_grsec { match(grsec:); };
destination grsec { file("/var/log/grsecurity"); };
log { source(src); filter(f_grsec); destination(grsec); };
10100111001
Sleight of Mind
 
Posts: 92
Joined: Tue Apr 08, 2003 10:41 am
Location: Rotterdam, NL

:///

Postby urug » Thu Jun 24, 2004 2:51 am

syslog-ng can read from /dev/log .

subject /usr/local/sbin/syslog-ng p {
/dev/log r
}
Regards, urug
urug
 
Posts: 13
Joined: Wed Jun 23, 2004 1:22 pm
Location: Poland

Postby spender » Thu Jun 24, 2004 9:56 am

connecting to a stream socket requires rw access, and binding one requires rwcd, so change that /dev/log r line to /dev/log rwcd

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

works !

Postby urug » Thu Jun 24, 2004 10:05 am

thx
Regards, urug
urug
 
Posts: 13
Joined: Wed Jun 23, 2004 1:22 pm
Location: Poland


Return to RBAC policy development