Re: sylogd, klogd and syslog replacements (was: RE: [Cooker]imap-2001a-7mdk.src.rpm)
Borsenkow Andrej [EMAIL PROTECTED] writes: You'd need to work with priorities then, the precedence of the default sysklogd without mysql would have to be higher, and only have it if the user requests it. There are other things thatyou might need to take care of as well such as rebooting from a bad system where you might not have a /usr or a network. there is one problem (syslog-ng hits this as well). Currently both klogd and syslogd are bundled in one package - sysklogd. You may want to replace syslog - but you definitely do not want to replace klogd. So if sysklogd maintainer would agree to split sysklogd into two packages - klogd proper and syslogd proper it would make syslogd replacements much easier. And I would immediately release syslog-ng that I have been using here for some time now without a single problem (except stupid administrator :-) I mean, with proper config and logrotate configuration that currently conflicts with syslogd logrotate. Well, I am not against, as long as this does not change the classic syslog/klog program. -- Warly
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Tuesday 28 May 2002 00.33, Vincent Danen wrote: On Mon May 27, 2002 at 12:39:07AM -0700, Ben Reser wrote: Oops, I just found the issue, fixed the rpm and provided it..., maybe I shouldn't have... Not your fault Oden. Really it isn't a problem. I'm not convinced you and vdanen are talking about the same thing but I can't really go into details and explain it. vdanen will get it cleared up though. :) Actually, it's kinda funny. RedHat posted their updates which fix an RFC822 bug we were supposed to coordinate... but they referenced this other buffer overflow but it doesn't look like they included the patch (Caldera did, however). He he, that was funny... Anyways, I put in a new version that has the proper patch applied (the overflow patch was for a different bug, not referenced in their advisory, although they didn't look to fix the bug that they *did* reference). At any rate, since srpms are under public scrutiny, I assume the RFC822 bug is public now and ours will be available shortly. Well, great! then the new imap will have two new fixes then? -- Regards // Oden Eriksson
Re: sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
Borsenkow Andrej [EMAIL PROTECTED] writes: btw do you know if there's anything that would be needed to change if syslog-ng were to become a real drop-in replacement for syslogd? [...] 4. Add syslog-ng support to msec. The reason for a split is, logrotate for syslogd and syslog-ng refer to the same files which means logs are rotated twice. What I had in mind is to make syslog-ng conflict with syslogd. Alternative is (assuming syslog-ng is adopted) to just check which one is currently running and prime it. Fredl, do you have any plans to add support for external modules? It would be ideal case - syslog-ng comes with own msec module to avoid rewriting it every time. No I don't want to do that. I prefer to have a central point for all security related stuff. -- Fred - May the source be with you
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Monday 27 May 2002 02.17, Geoffrey Lee wrote: http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... True, true You'd need to work with priorities then, the precedence of the default sysklogd without mysql would have to be higher, and only have it if the user requests it. There are other things thatyou might need to take care of as well such as rebooting from a bad system where you might not have a /usr or a network. Good points. There have to be some sort of failsafe fallback mechanism to standard syslogging if no network or required libs. But it was meant as an optional thing. Maybe it should live in contribs, where it conflicts with the standard one instead? I have no opinion if you can get it working :) I will see later if I can make this tick the way you suggests. Thanks for your feedback! -- Regards // Oden Eriksson
RE: sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php
Oh yes, I read about that one.
My personal opinion is that (as with anything fancy) that it is
very
nice,
but it's a very big fancy candy add-on that you are adding to a
basesystem
tool ...
BTW if you look in syslog-ng archives you'll see an example of SQL
connector using pipes. Nothing very special is needed for it:
destination d_mysql {pipe(/etc/mysql.pipe template(INSERT INTO
logs(host, facility, priority, level, tag, date, time, program, msg)
VALUES('$HOST', '$FACILILITY', '$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY', $HOUR:$MIN:$SEC', '$PROGRAM', $MSG');\n)
template-escape(yes)); };
just have something on other end linstening.
cool is not it?
-andrej
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Monday 27 May 2002 05.18, Vincent Danen wrote: On Mon May 27, 2002 at 09:33:26AM +1000, Geoffrey Lee wrote: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. Testing was done quite a while ago... but this was supposed to be coordinated and, obviously, no coordination was done... grrr... Packages will go out on Monday. Oops, I just found the issue, fixed the rpm and provided it..., maybe I shouldn't have... -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Mon, May 27, 2002 at 09:28:18AM +0200, Oden Eriksson wrote: Oops, I just found the issue, fixed the rpm and provided it..., maybe I shouldn't have... Not your fault Oden. Really it isn't a problem. I'm not convinced you and vdanen are talking about the same thing but I can't really go into details and explain it. vdanen will get it cleared up though. :) -- Ben Reser [EMAIL PROTECTED] http://ben.reser.org We tend to see all wars through the lens of the current conflict, and we mine history for lessons convenient to the present purpose. - Brian Hayes
Re: sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
On Monday 27 May 2002 07.15, Borsenkow Andrej wrote: http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... True, true You'd need to work with priorities then, the precedence of the default sysklogd without mysql would have to be higher, and only have it if the user requests it. There are other things thatyou might need to take care of as well such as rebooting from a bad system where you might not have a /usr or a network. there is one problem (syslog-ng hits this as well). Currently both klogd and syslogd are bundled in one package - sysklogd. You may want to replace syslog - but you definitely do not want to replace klogd. No, you didn't read my mail. My changes does not replace anything, check: http://d-srv.com/Cooker/SRPMS/sysklogd-1.4.1-3mdk.src.rpm, and http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php I agree it would be a good idea to break out klogd. So if sysklogd maintainer would agree to split sysklogd into two packages - klogd proper and syslogd proper it would make syslogd replacements much easier. And I would immediately release syslog-ng that I have been using here for some time now without a single problem (except stupid administrator :-) I mean, with proper config and logrotate configuration that currently conflicts with syslogd logrotate. Great! But as I understand there's many other syslog replacements, the one that comes to my mind is for example http://smarden.org/socklog/ I have run klogd superviced too:) Well, sorry, I know ucspi-tcp and daemontools are not in the distro (yet), but I can dream, can't I? -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Monday 27 May 2002 09.39, Ben Reser wrote: On Mon, May 27, 2002 at 09:28:18AM +0200, Oden Eriksson wrote: Oops, I just found the issue, fixed the rpm and provided it..., maybe I shouldn't have... Not your fault Oden. Really it isn't a problem. I'm not convinced you and vdanen are talking about the same thing but I can't really go into details and explain it. vdanen will get it cleared up though. :) Thanks, I think I get it now. -- Regards // Oden Eriksson
Re: sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
VALUES('$HOST', '$FACILILITY', '$PRIORITY', '$LEVEL', '$TAG',
'$YEAR-$MONTH-$DAY', $HOUR:$MIN:$SEC', '$PROGRAM', $MSG');\n)
template-escape(yes)); };
just have something on other end linstening.
cool is not it?
Yes, it's really nice! My initial comment on Oden's changes was that I did
like the idea if we made syslogd depend on mysql so much that inside the
distrib that using a non-sql syslogd would not be a viable alternative,
otherwise I really don't have a problem with it. :-)
btw do you know if there's anything that would be needed to change if
syslog-ng were to become a real drop-in replacement for syslogd?
And the sysklogd maintainer is Warly. you can ask him for the final
decision :-)
-- Geoff.
RE: sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
btw do you know if there's anything that would be needed to change if syslog-ng were to become a real drop-in replacement for syslogd? 1. Fix syslog-ng config (apart from stupid formatting bug /dev/log seems to be DGRAM not STREAM contrary to syslog-ng readme). 2. Add proper logrotate to syslog-ng 3. Split sysklogd into klogd and syslogd proper so that you could replace syslogd part with alternative implementation. You can run syslog-ng without klogd but then you need /proc/kmsg i.e. it won't work if /proc is not mounted. 4. Add syslog-ng support to msec. The reason for a split is, logrotate for syslogd and syslog-ng refer to the same files which means logs are rotated twice. What I had in mind is to make syslog-ng conflict with syslogd. Alternative is (assuming syslog-ng is adopted) to just check which one is currently running and prime it. Fredl, do you have any plans to add support for external modules? It would be ideal case - syslog-ng comes with own msec module to avoid rewriting it every time. Currently I have fixed RPM (based on syslog-ng 1.5.17); if there is any interest I can upload it but I do not know what to do with sources - one file is defined as extra source and AFAIK sources are not entered in CVS when I upload RPM? Also it does not contain logrotate support for above reasons. And the sysklogd maintainer is Warly. you can ask him for the final decision :-) So far syslog-ng seems to work here and it allows _far_ better control over where your logs go. It has some problems in interaction with klogd but I bet it is solvable. -andrej
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Mon May 27, 2002 at 12:39:07AM -0700, Ben Reser wrote: Oops, I just found the issue, fixed the rpm and provided it..., maybe I shouldn't have... Not your fault Oden. Really it isn't a problem. I'm not convinced you and vdanen are talking about the same thing but I can't really go into details and explain it. vdanen will get it cleared up though. :) Actually, it's kinda funny. RedHat posted their updates which fix an RFC822 bug we were supposed to coordinate... but they referenced this other buffer overflow but it doesn't look like they included the patch (Caldera did, however). Anyways, I put in a new version that has the proper patch applied (the overflow patch was for a different bug, not referenced in their advisory, although they didn't look to fix the bug that they *did* reference). At any rate, since srpms are under public scrutiny, I assume the RFC822 bug is public now and ours will be available shortly. -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.18-6.4mdk uptime: 4 days 2 hours 50 minutes. msg64896/pgp0.pgp Description: PGP signature
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Mon, May 27, 2002 at 04:33:39PM -0600, Vincent Danen wrote: Actually, it's kinda funny. RedHat posted their updates which fix an RFC822 bug we were supposed to coordinate... but they referenced this other buffer overflow but it doesn't look like they included the patch (Caldera did, however). Probably what happened was they saw the Caldera advisory and went Ohh crap this wasn't cordinated we need to put it out. Looked at Caldera's advisory, borrowed some of their description and spat it out. Not realizing it was an entirely different issue. -- Ben Reser [EMAIL PROTECTED] http://ben.reser.org We tend to see all wars through the lens of the current conflict, and we mine history for lessons convenient to the present purpose. - Brian Hayes
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Mon May 27, 2002 at 06:18:38PM -0700, Ben Reser wrote: Actually, it's kinda funny. RedHat posted their updates which fix an RFC822 bug we were supposed to coordinate... but they referenced this other buffer overflow but it doesn't look like they included the patch (Caldera did, however). Probably what happened was they saw the Caldera advisory and went Ohh crap this wasn't cordinated we need to put it out. Looked at Caldera's advisory, borrowed some of their description and spat it out. Not realizing it was an entirely different issue. That could very well be... It actually wouldn't surprise me. I did fire off an email to one of the guys at Red Hat that I talk with often and made a note of it to him, just in case he isn't aware. I might dislike Red Hat itself, but this is a little too serious to sit back and chuckle over. =) -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.18-6.4mdk uptime: 4 days 8 hours 9 minutes. msg64906/pgp0.pgp Description: PGP signature
[Cooker] imap-2001a-7mdk.src.rpm
Hi, Here is a new imap package containing a security fix as in: http://lwn.net/alerts/RedHat/RHSA-2002:092-11.php3 Get it here: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
Oden Eriksson [EMAIL PROTECTED] writes: Hi, Here is a new imap package containing a security fix as in: http://lwn.net/alerts/RedHat/RHSA-2002:092-11.php3 Get it here: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. -- Yves Duret [EMAIL PROTECTED] piouk toujours et meme apres !
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Sunday 26 May 2002 16.56, Yves Duret wrote: Oden Eriksson [EMAIL PROTECTED] writes: Hi, Here is a new imap package containing a security fix as in: http://lwn.net/alerts/RedHat/RHSA-2002:092-11.php3 Get it here: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Thanks, then I remove it from my site. -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Sunday 26 May 2002 16.56, Yves Duret wrote: Oden Eriksson [EMAIL PROTECTED] writes: Hi, Here is a new imap package containing a security fix as in: http://lwn.net/alerts/RedHat/RHSA-2002:092-11.php3 Get it here: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
Oden Eriksson [EMAIL PROTECTED] writes: Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? yes, cbelisle should watch at this tomorow.. -- Yves Duret [EMAIL PROTECTED] piouk toujours et meme apres !
Re: [Cooker] imap-2001a-7mdk.src.rpm
http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. -- Geoff.
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Monday 27 May 2002 01.33, Geoffrey Lee wrote: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. Ahh, of course. BTW. What about my syslog-sql stuff then, I haven't recieved a single answer on that issue. Check: http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. Ahh, of course. BTW. What about my syslog-sql stuff then, I haven't recieved a single answer on that issue. Check: http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... -- Geoff.
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Monday 27 May 2002 02.02, Geoffrey Lee wrote: Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. Ahh, of course. BTW. What about my syslog-sql stuff then, I haven't recieved a single answer on that issue. Check: http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... True, true But it was meant as an optional thing. Maybe it should live in contribs, where it conflicts with the standard one instead? -- Regards // Oden Eriksson
Re: [Cooker] imap-2001a-7mdk.src.rpm
http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... True, true You'd need to work with priorities then, the precedence of the default sysklogd without mysql would have to be higher, and only have it if the user requests it. There are other things thatyou might need to take care of as well such as rebooting from a bad system where you might not have a /usr or a network. But it was meant as an optional thing. Maybe it should live in contribs, where it conflicts with the standard one instead? I have no opinion if you can get it working :) -- Geoff.
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Sun May 26, 2002 at 02:18:05PM +0200, Oden Eriksson wrote: Here is a new imap package containing a security fix as in: http://lwn.net/alerts/RedHat/RHSA-2002:092-11.php3 Get it here: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm Already built, but was waiting for the go-ahead to post the packages. Unfortunately, this was supposed to be coordinated and, obviously, wasn't. =( Updated packages will go out on monday. -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.18-6.4mdk uptime: 3 days 7 hours 33 minutes. msg64807/pgp0.pgp Description: PGP signature
Re: [Cooker] imap-2001a-7mdk.src.rpm
On Mon May 27, 2002 at 09:33:26AM +1000, Geoffrey Lee wrote: http://d-srv.com/Cooker/SRPMS/imap-2001a-7mdk.src.rpm and done for cooker. thx. Hmmm..., I guess this should be a security update for all the Mandrake versions too, no? Yes, there should be one. Vincent will probably take care of it but we can't release official updates as fast as cooker since we have to do some regression testing to make sure that nothing breaks. Testing was done quite a while ago... but this was supposed to be coordinated and, obviously, no coordination was done... grrr... Packages will go out on Monday. -- MandrakeSoft Security; http://www.mandrakesecure.net/ lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import 1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD Current Linux kernel 2.4.18-6.4mdk uptime: 3 days 7 hours 37 minutes. msg64808/pgp0.pgp Description: PGP signature
sylogd, klogd and syslog replacements (was: RE: [Cooker] imap-2001a-7mdk.src.rpm)
http://www.mandrake.com/en/archives/cooker/2002-05/msg01166.php Oh yes, I read about that one. My personal opinion is that (as with anything fancy) that it is very nice, but it's a very big fancy candy add-on that you are adding to a basesystem tool ... True, true You'd need to work with priorities then, the precedence of the default sysklogd without mysql would have to be higher, and only have it if the user requests it. There are other things thatyou might need to take care of as well such as rebooting from a bad system where you might not have a /usr or a network. there is one problem (syslog-ng hits this as well). Currently both klogd and syslogd are bundled in one package - sysklogd. You may want to replace syslog - but you definitely do not want to replace klogd. So if sysklogd maintainer would agree to split sysklogd into two packages - klogd proper and syslogd proper it would make syslogd replacements much easier. And I would immediately release syslog-ng that I have been using here for some time now without a single problem (except stupid administrator :-) I mean, with proper config and logrotate configuration that currently conflicts with syslogd logrotate. -andrej
