Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Bind 9 Logging - Ubuntu Hardy Heron server 8.04

Posted on 2008-10-28
7
Medium Priority
?
1,385 Views
Last Modified: 2013-12-23
I have two questions. And, I'm logged in as root as I do this stuff.

One:
I'm trying to setup logging on our DNS server. I have the following msg in syslog. Can somebody clue me in as to what I may need to do to fix it? I'm guessing it has something to do with umask.

kernel: audit : type=1503 operation=inode_permission requested_mask=a:: name=/var/log/query.log pid=5819 profile=/usr/sbin/named namespace=default

named: logging channel query file /var/log/query.log: permission denied


I searched the Linux Questions forum and found a thread about Apparmor being the culprit so I set it to complain mode, restarted named, but no joy.

Here's my logging statement straight out of Ubuntu's documentation.

logging {
channel query.log {
file "/var/log/query.log";
// Set the severity to dynamic to see all the debug messages.
severity debug 3;
};

category queries { query.log; };
};

ls -al /var/log/query.log
returns
-rw-r--r-- 1 bind bind 0 date time query.log

I've also tried this statement out of Mark Sobell's "A Practical Guide to Ubuntu Linux" book. No joy.
Should either one of these statements work once I have the "permissions denied" problem resolved?

logging {
channel "query" {
file "/var/log/query.log";
// Set the severity to dynamic to see all the debug messages.
severity debug 3;
};

category queries { "query"; };

};

Two:
Why can't I view the contents of usr.sbin.named?
When I run the cmd "more /etc/usr.sbin.named" it returns "No such file or directory."
ls -al /etc/usr.sbin.named
returns
-rw-r--r-- 1 root root 742 date time usr.sbin.named
0
Comment
Question by:Westez
  • 3
  • 2
6 Comments
 

Author Comment

by:Westez
ID: 22826187
I've determined that Apparmor is the culprint.  No error msg and  I can write to the logs when it's disabled.
I'd prefer to have Apparmor running and protecting named.  How can this be done?
0
 
LVL 1

Expert Comment

by:KMlynarski
ID: 22826706
Hello Westez,

1. query.log problem:

Try this (as root):
(In my example I'm using the vi editor, but you can use any text editor of your choice)

# mkdir /var/log/named
# chown bind:bind /var/log/named
# vi /etc/bind/<name_of-your-config_file_here>

.... replace:

file "/var/log/query.log";

... with:

file "/var/log/named/query.log";

... and save your bind configuration file, and exit the vi.

# /etc/init.d/bind9 restart

... and then, do some queries using dig or any utility like that.

Check if your /var/log/named/query.log shows you something. It really should!

Why? Here's part TWO:

There's a definition in the file: /etc/apparmor.d/usr.sbin.named:

[...]
  # some people like to put logs in /var/log/named/
  /var/log/named/** rw,
[...]

Of course, you (in theory) can change this definition, to point to /var/log... but, you can't view or edit the file, right?

Why? I don't know exactly, but in a clean install of the Ubuntu 8.04 you should have right to see or even edit (as root) this very file. If not, then you may have any weird filesystem flags set on this file. You can check this using the following command (as root):

root@ubuntu:~# lsattr /etc/apparmor.d/

... and the output should be something like that:

------------------ /etc/apparmor.d/abstractions
------------------ /etc/apparmor.d/usr.sbin.cupsd
------------------ /etc/apparmor.d/disable
------------------ /etc/apparmor.d/usr.sbin.named
------------------ /etc/apparmor.d/tunables
------------------ /etc/apparmor.d/force-complain
root@ubuntu:~#

If it isn't (there are any flags visible instead of "-" characters on the left side of the file name, you can use the chattr command to disable the flag (man chattr).

Hope this will be helpful!

Bestest,
 -Chris



0
 

Author Comment

by:Westez
ID: 22835927
Chris,

I built this box from scratch and loaded just dns and ssh and accepted the defaults.  So there's no /var/log/named directory, only /var/log/
And I did edit the usr.sbin.named file and added the line /var/log/** rw,
then restarted bind9. Ran some digs, etc to see if the file was being written to, before I posted up.
And I can view the file query.log, but there's nothing in it to view, with Apparmor running.  If I turn Apparmor off there's a ton of stuff written to it.

I just ran the lsattr /etc/apparmor.d/ cmd and it runs cleanly the way you would expect it to, so no weird file permissions.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 62

Expert Comment

by:gheist
ID: 22867579
BIND in Ubuntu chroot-s so you will need to use syslog or create log file under /var/lib/named/./
0
 

Author Comment

by:Westez
ID: 22868215
gheist - I didn't chroot the setup.
0
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 22868480
You have to add log directory twice into apparmor.d file.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

782 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question