Ryan Niklas Edmundsson (niklas-edmundsson) on 2012-10-11 tags: added: precise

RedShift (redshift-gmx) wrote on 2013-02-26: #13
Can't quite believe it, centralized logging on standard 514 is not possible while not running as Going to reconsider syslog-ng...

May 27 18:37:55 ubuntu01 rsyslogd: [origin software="rsyslogd" swVersion="4.6.4" x-pid="5547" x-info="http://www.rsyslog.com"] (re)start
May 27 18:37:55 ubuntu01 rsyslogd: rsyslogd's groupid changed to 103
May 27 18:37:55 ubuntu01 rsyslogd: rsyslogd's userid changed to 101

function readfile() is not properly used.

#19 Updated by Nicolas PERRON over 4 years ago
Status changed from In progress to Pending technical review
% Done changed from 90 to 100

[Bug 789174] Re: rsyslog fails to create tcp socket.
http://www.rsyslog.com/ubuntu-repository/

marc (malerisch) wrote on 2013-05-27: #17
Hi, an easy fix, but it almost takes 2 years :((( What horrible.

Sl Jun12 7:33 rsyslogd -c5

My CentOS/RHEL systems do not exhibit this bug, but after looking it seems they are running rsyslog as root by default.

I think they could read in the port number from rudder-web.properties directly.

Configuration is attached.

Nico, I reassign that task to you to finish the techniques and packaging stuff.

#14 Updated by Nicolas PERRON over 4 years ago
François ARMAND wrote: A new system variable is

Because rsyslog drops privileges to syslog, and the required port is 514, which can only be used by a process running with root privileges (every port below 1025)
http://lists.adiscon.net/pipermail/rsyslog/2010-April/011700.html
workaround is

RHEL Process Info
root 2347 2.6 0.0 416916 2088 ?

Updated over 4 years ago.

I'll solicit my work to see how they feel on reimbursement for the proper bug fix to address the privilege race condition.

I tried something like:

sucap bulb bulb execcap cap_net_bind_service=eip rsyslogd

but I was getting:

Caps: =ep cap_setpcap-ep
sucaps: capsetp: Operation not permitted
sucap: child did not exit cleanly.

https://lists.ubuntu.com/archives/foundations-bugs/2011-June/003789.html

Config file contains:
>
> $PrivDropToUser bulb
> $PrivDropToGroup bulb
>
> $Ruleset indata
> $RulesetCreateMainQueue on
>
> $InputTCPServerBindRuleset indata
> $InputTCPServerRun 514
> $InputUDPServerBindRuleset indata
> $UDPServerRun 514
>

To make this possible you have to change /etc/rsyslog.conf

$PrivDropToGroup syslog

To

$PrivDropToGroup adm

Launchpad Janitor (janitor) on 2011-08-30
Changed in rsyslog (Ubuntu): status: New → Confirmed

phillyclaude (claude-claudeschrader) wrote on

robinsmidsrod/gist:4095831 Created Nov 17, 2012

GOOD WORK !!

Jon, I'm not sure about the implementation. Should we use a variable in rudder-web.properties which defines a port number of syslog?

For 2/, we believe that the simplest and more future-proof solution is to simply have a property in Rudder configuration.properties file for that port, defaulted to default Rsyslog port, and with

https://bugs.launchpad.net/bugs/789174
Title: rsyslog fails to create tcp socket.

Yes, I am an agent of Satan, but my duties are largely (_ \ / _) ceremonial. | | dave [at] fly
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

rgerhards at hq Dec2,2010,4:49AM Post

Bug attachments
Ubuntu 12.04 LTS Client rsyslog.conf from rsyslog 5.8.6-1ubuntu8
Ubuntu 12.04 LTS Server rsyslog.conf from rsyslog 5.8.6-1ubuntu8 Example

I can't find any decent documentation for those commands.

Normal for suid progs IMHO is: make thing which need root privileges (e.g.

Status in "rsyslog" package in Ubuntu: New

Bug description:
Binary package hint: rsyslog

My package:
ii rsyslog 4.6.4-2ubuntu4

The thing is that when starting rsyslog first drop privileges and then tries

My rsyslog.conf file (attached) is using the $PrivDropToUser syslog and $PrivDropToGroup syslog directives.

Maybe adding a sleep somewhere might help?

Caps: =

Strace just showed that the capset syscall was failing with EPERM.

> futex resumed> ) = 0
> 28240 setuid(1004) = 0
>
> That was privilege drop.
>
> 28243 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 9
> 28243 setsockopt(9, SOL_IPV6, IPV6_V6ONLY, , 4)
> Bind() fails because it happens after privilege
> drop.
>
> --
> .-. .-.

Any other conditions, don't touch that.

rsyslogd unable to create tcp listening socket
gistfile1.txt

5352.856158387:7fad56ffd700: entry point 'isCompatibleWithFeature' not present in module
5352.856173357:7fad56ffd700: source file

It seems to be a problem relating to binding the TCP port later after it has already dropped permissions.

> Yes, I am an agent of Satan, but my duties are largely
> (_ \ / _) ceremonial.
> |
> | dave [at] fly
> _______________________________________________
> rsyslog mailing list

This seems to be a bug, because the same configuration works fine on 10.04.

THCTLO (thctlo) wrote on 2013-03-05: #14
This problem is still here..