From 12e04f9fc29d0fddfb06f326be96931081844b9f Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Thu, 5 Oct 2006 20:36:59 +0000 Subject: syslog svn path=/rcynic/README; revision=358 --- rcynic/README | 32 +++++++------------------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/rcynic/README b/rcynic/README index c2e9743d..3b718f2c 100644 --- a/rcynic/README +++ b/rcynic/README @@ -293,8 +293,6 @@ accident. Programs running in jails under cron should not make assumptions about the current working directory or environment variable settings. - - Building static binaries: On FreeBSD, building a staticly linked rsync is easy: just set the 
@@ -306,31 +304,15 @@ work on other platforms. For simplicity, I've taken the same approach with rcynic, so just setting LDFLAGS='-static' and running make should work. - - -To Do: - -- Support for running rsync chrooted. - - After some discussion with Randy, I've concluded that it'd be much - simpler to run both rcynic and rsync in the chrooted jail than it - would be to run just rsync in the chrooted jail. As far as we can - tell, putting rcynic in the jail with rsync doesn't create any - serious new threats, and it simplifies many things. - - To further simplify this, we'll handle the chroot itself via an - external program. Wietse Venema's chrootuid[*] would probably - suffice out of the box: one could do slightly better by tweaking it - for this specific application, but the main thing that's missing is - some shell script code and instructions for compiling static - binaries and setting up the jail. No research topics here, this is - all ancient technology, the tricky bit is just getting all the - finicky details right. +syslog: - [*] ftp://ftp.porcupine.org/pub/security/chrootuid1.3.tar.gz +Depending on your syslogd configuration, syslog may not work properly +with rcynic in a chroot jail. On FreeBSD, the easiest way to fix this +is to add the following lines to /etc/rc.conf: -- autoconf? probably not, unless we run into portability issues - serious enough to require it. + altlog_proglist="named rcynic" + rcynic_chrootdir="/var/rcynic" + rcynic_enable="YES" -- cgit v1.2.3
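Review bot: In the second hunk (@@ -306,31 +304,15 @@), the new "syslog:" section gives three rc.conf lines without saying what each one does or which values are site-specific. A reader whose jail is not at /var/rcynic will copy rcynic_chrootdir="/var/rcynic" verbatim and still get no log output, so please state that this path must be the root of the jail rcynic actually runs in. Setting altlog_proglist="named rcynic" is a plain assignment, so it replaces any list the admin already has in /etc/rc.conf; say that existing entries should be kept and rcynic appended. "May not work properly" is also vague: name the symptom the reader should look for (for example, no rcynic messages reaching the log from inside the jail) and say whether syslogd has to be restarted after the change. Separately, this hunk deletes the whole "To Do:" section, including the chroot design notes and the chrootuid pointer, while the subject line says only "syslog". Either mention the removal in the commit message or split it into its own commit, so the history shows that the jail work is considered done and not dropped.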