bumped syslog-ng for cap_syslog patch

10 files changed, 622 insertions, 0 deletions

diff --git a/app-admin/syslog-ng/Manifest b/app-admin/syslog-ng/Manifest
new file mode 100644
index 0000000..3268b80
--- /dev/null
+++ b/app-admin/syslog-ng/Manifest
@@ -0,0 +1,10 @@
+AUX syslog-ng-3.2.4-use-cap_syslog.patch 5221 RMD160 0dec8c418af8dd7f1b19e8e37d41cac6083bd7f3 SHA1 e03c677cf0ff33ea495f7b226172bec7f0721c32 SHA256 d07970ed11172650f6cbe6bbc872bb66fe77e09dd0794b515ebe1799cc1045d4
+AUX syslog-ng.conf.gentoo.3.2 1314 RMD160 d8d12cbc02877baf4449590586798133d9914911 SHA1 af084e744864dcc292741df2cc701d1f8a982e00 SHA256 91221fe7aeb6dff126dd878f541366d00918a278f46348f6f763ad2cbc01ea19
+AUX syslog-ng.conf.gentoo.fbsd.3.2 689 RMD160 001482d7e90b44896d374f4a1049ece9541a8f2e SHA1 4be46d2f9461c45e743e10e69a4252ce599deee5 SHA256 7249cb13fff50e2695a427fe4dc1285dad6838f576304cb6ddde0c53ff9814ad
+AUX syslog-ng.conf.gentoo.hardened.3.2 4573 RMD160 052ece8eda5e118fb2ce99258c5fc9733675e112 SHA1 97fab61fca9f2387d1c2c890b648f5df363198a7 SHA256 1ed9f8dc0be045bb3064b0ae237adf865689b35c9da58d19ce69367d709191e2
+AUX syslog-ng.confd 150 RMD160 b5ab31e1c285fdd2f41324abc2c6b39bce59038d SHA1 c5df6ef1eca2a169fb3073816d4a06b7c85c0b0c SHA256 8319ca8e39a5dab5ddc82eede088e1f58ff25deef330804648000359cb736a3f
+AUX syslog-ng.logrotate 354 RMD160 120e617e36299bd7bea2ec226c2cda6e1574b793 SHA1 64abb48d2222e9702cbb33bc223507c44dbe2e85 SHA256 e8e1b6d87f8217c77c0bfbe3095cac0c4edcb72473cbd1423bf2ae7bffee8ca3
+AUX syslog-ng.logrotate.hardened 1742 RMD160 fd60ca606aec32eae51e3c219fd86124ca1f8cf6 SHA1 675f800200b37496a0335cd27e289b24c8d4f259 SHA256 f2c9f99c7dd73e709e5edb7be99de5a13058baab29d3c922ab9366ddd50eda8f
+AUX syslog-ng.rc6.3 1855 RMD160 ce1c74938d554e09284ddef36217b205d91f71ed SHA1 bd634b41728d1e5f5fa1712b93b0cca79302fbfb SHA256 d125c4fffc6dd15d891b5092a8e83de594d9c1b04797ec89e4cacd3451539723
+DIST syslog-ng_3.2.4.tar.gz 1435115 RMD160 2927ba4d9b8a913f7117a659806c1721fe3d244e SHA1 ff732f7223bd2bd0424d4b9028b523cf62133af1 SHA256 e7bbd53121b57ba49089a0f95bf10a393e62b27a575c83d08e668c9dc1fe2f15
+EBUILD syslog-ng-3.2.4-r1.ebuild 3341 RMD160 9f43fc8857a12a3121f8e259a842d5f682f9770e SHA1 21463798e786a5d8ad6b6426268ffe45b94cd7d9 SHA256 e917b9bb696e3515c7d644abe361698d2530b01761cda85b4909a8ea54f593a0
diff --git a/app-admin/syslog-ng/files/syslog-ng-3.2.4-use-cap_syslog.patch b/app-admin/syslog-ng/files/syslog-ng-3.2.4-use-cap_syslog.patch
new file mode 100644
index 0000000..9b97f97
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng-3.2.4-use-cap_syslog.patch
@@ -0,0 +1,172 @@
+From: Balazs Scheidler <bazsi@balabit.hu>
+Date: Thu, 12 May 2011 11:11:58 +0000 (+0200)
+Subject: Use CAP_SYSLOG instead of CAP_SYS_ADMIN, if available.
+X-Git-Url: http://git.balabit.hu/?p=algernon%2Fsyslog-ng-3.2.git;a=commitdiff_plain;h=54a316a1692a3baac3f65e9eaecd962e46a9dfc8
+
+Use CAP_SYSLOG instead of CAP_SYS_ADMIN, if available.
+
+If cap_syslog exists, the kernel will complain (once) that we only
+have cap_sys_admin.  Additionally, using cap_syslog instead of
+cap_sys_admin significantly lowers the unneeded privs we are
+using.
+
+Upon startup, syslog-ng will detect whether CAP_SYSLOG is available,
+and use capabilities based on that finding. This detection will also
+have a side-effect, which will make it so that
+g_process_cap_modify(CAP_SYSLOG) will fall back to CAP_SYS_ADMIN, if
+CAP_SYSLOG support was not detected.
+
+Thanks to Andrew Morgan for pointing out a nice way to detect whether
+the kernel has CAP_SYSLOG. Original code by Serge Hallyn, with minor
+changes based on Balazs Scheidler's review by Gergely Nagy.
+
+Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
+Signed-off-by: Gergely Nagy <algernon@balabit.hu>
+Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
+---
+
+diff --git a/lib/gprocess.c b/lib/gprocess.c
+index 38bcb12..e2159fc 100644
+--- a/lib/gprocess.c
++++ b/lib/gprocess.c
+@@ -98,6 +98,7 @@ static gint startup_result_pipe[2] = { -1, -1 };
+ static gint init_result_pipe[2] = { -1, -1 };
+ static GProcessKind process_kind = G_PK_STARTUP;
+ static gboolean stderr_present = TRUE;
++static int have_capsyslog = FALSE;
+ 
+ /* global variables */
+ static struct
+@@ -216,6 +217,13 @@ g_process_cap_modify(int capability, int onoff)
+   if (!process_opts.caps)
+     return TRUE;
+ 
++  /*
++   * if libcap or kernel doesn't support cap_syslog, then resort to
++   * cap_sys_admin
++   */
++  if (capability == CAP_SYSLOG && (!have_capsyslog || CAP_SYSLOG == -1))
++    capability = CAP_SYS_ADMIN;
++
+   caps = cap_get_proc();
+   if (!caps)
+     return FALSE;
+@@ -297,6 +305,25 @@ g_process_cap_restore(cap_t r)
+   return;
+ }
+ 
++gboolean
++g_process_check_cap_syslog(void)
++{
++  int ret;
++
++  if (have_capsyslog)
++    return TRUE;
++
++  if (CAP_SYSLOG == -1)
++    return FALSE;
++
++  ret = prctl(PR_CAPBSET_READ, CAP_SYSLOG);
++  if (ret == -1)
++    return FALSE;
++
++  have_capsyslog = TRUE;
++  return TRUE;
++}
++
+ #endif
+ 
+ /**
+diff --git a/lib/gprocess.h b/lib/gprocess.h
+index a6dd7c4..1bdd719 100644
+--- a/lib/gprocess.h
++++ b/lib/gprocess.h
+@@ -46,6 +46,10 @@ gboolean g_process_cap_modify(int capability, int onoff);
+ cap_t g_process_cap_save(void);
+ void g_process_cap_restore(cap_t r);
+ 
++#ifndef CAP_SYSLOG
++#define CAP_SYSLOG -1
++#endif
++
+ #else
+ 
+ typedef gpointer cap_t;
+@@ -71,6 +75,8 @@ void g_process_set_argv_space(gint argc, gchar **argv);
+ void g_process_set_use_fdlimit(gboolean use);
+ void g_process_set_check(gint check_period, gboolean (*check_fn)(void));
+ 
++gboolean g_process_check_cap_syslog(void);
++
+ void g_process_start(void);
+ void g_process_startup_failed(guint ret_num, gboolean may_exit);
+ void g_process_startup_ok(void);
+diff --git a/modules/affile/affile.c b/modules/affile/affile.c
+index ce343cd..bb8aa75 100644
+--- a/modules/affile/affile.c
++++ b/modules/affile/affile.c
+@@ -59,7 +59,7 @@ affile_open_file(gchar *name, gint flags,
+   if (privileged)
+     {
+       g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
+-      g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
++      g_process_cap_modify(CAP_SYSLOG, TRUE);
+     }
+   else
+     {
+diff --git a/syslog-ng/main.c b/syslog-ng/main.c
+index 9880c1f..02f17b6 100644
+--- a/syslog-ng/main.c
++++ b/syslog-ng/main.c
+@@ -363,6 +363,33 @@ version(void)
+          ON_OFF_STR(ENABLE_PACCT_MODULE));
+ }
+ 
++#if ENABLE_LINUX_CAPS
++#define BASE_CAPS "cap_net_bind_service,cap_net_broadcast,cap_net_raw," \
++  "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
++
++static void
++setup_caps (void)
++{
++  static gchar *capsstr_syslog = BASE_CAPS "cap_syslog=ep";
++  static gchar *capsstr_sys_admin = BASE_CAPS "cap_sys_admin=ep";
++
++  /* Set up the minimal privilege we'll need
++   *
++   * NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always
++   * indicate readability. Enabling/disabling cap_sys_admin on every poll
++   * invocation seems to be too expensive. So I enable it for now.
++   */
++  if (g_process_check_cap_syslog())
++    g_process_set_caps(capsstr_syslog);
++  else
++    g_process_set_caps(capsstr_sys_admin);
++}
++#else
++
++#define setup_caps()
++
++#endif
++
+ int 
+ main(int argc, char *argv[])
+ {
+@@ -374,14 +401,9 @@ main(int argc, char *argv[])
+   z_mem_trace_init("syslog-ng.trace");
+ 
+   g_process_set_argv_space(argc, (gchar **) argv);
+-  
+-  /* NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always
+-   * indicate readability. Enabling/disabling cap_sys_admin on every poll
+-   * invocation seems to be too expensive. So I enable it for now. */
+-  
+-  g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
+-                     "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
+-                     "cap_sys_admin=ep");
++
++  setup_caps();
++
+   ctx = g_option_context_new("syslog-ng");
+   g_process_add_option_group(ctx);
+   msg_add_option_group(ctx);
diff --git a/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2 b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2
new file mode 100644
index 0000000..2589f2f
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2
@@ -0,0 +1,37 @@
+@version: 3.2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $
+#
+# Syslog-ng default configuration file for Gentoo Linux
+
+options { 
+	chain_hostnames(no); 
+
+	# The default action of syslog-ng is to log a STATS line
+	# to the file every 10 minutes.  That's pretty ugly after a while.
+	# Change it to every 12 hours so you get a nice daily update of
+	# how many messages syslog-ng missed (0).
+	stats_freq(43200); 
+	# The default action of syslog-ng is to log a MARK line
+	# to the file every 20 minutes.  That's seems high for most
+	# people so turn it down to once an hour.  Set it to zero
+	# if you don't want the functionality at all.
+	mark_freq(3600); 
+};
+
+source src {
+    unix-stream("/dev/log" max-connections(256));
+    internal();
+    file("/proc/kmsg");
+};
+
+destination messages { file("/var/log/messages"); };
+
+# By default messages are logged to tty12...
+destination console_all { file("/dev/tty12"); };
+# ...if you intend to use /dev/console for programs like xconsole
+# you can comment out the destination line above that references /dev/tty12
+# and uncomment the line below.
+#destination console_all { file("/dev/console"); };
+
+log { source(src); destination(messages); };
+log { source(src); destination(console_all); };
diff --git a/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd.3.2 b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd.3.2
new file mode 100644
index 0000000..61853bd
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd.3.2
@@ -0,0 +1,24 @@
+@version: 3.2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.fbsd.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $
+#
+# Syslog-ng default configuration file for Gentoo FreeBSD
+#
+options {
+	chain_hostnames(no);
+
+	# The default action of syslog-ng is to log a STATS line
+	# to the file every 10 minutes.  That's pretty ugly after a while.
+	# Change it to every 12 hours so you get a nice daily update of
+	# how many messages syslog-ng missed (0).
+	stats_freq(43200); 
+};
+
+source src {
+    unix-dgram("/var/run/log");
+    internal();
+    file("/dev/klog");
+};
+
+destination messages { file("/var/log/messages"); };
+
+log { source(src); destination(messages); };
diff --git a/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened.3.2 b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened.3.2
new file mode 100644
index 0000000..3fcffa9
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened.3.2
@@ -0,0 +1,111 @@
+@version: 3.2
+# Copyright 2005-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened.3.2,v 1.1 2011/01/18 17:44:14 mr_bones_ Exp $
+
+#
+# Syslog-ng configuration file, compatible with default hardened installations.
+#
+
+options {
+	chain_hostnames(no);
+	stats_freq(43200);
+};
+
+source src {
+    unix-stream("/dev/log");
+    internal();
+};
+source kernsrc {
+    file("/proc/kmsg");
+};
+
+#source net { udp(); };
+#log { source(net); destination(net_logs); };
+#destination net_logs { file("/var/log/HOSTS/$HOST/$YEAR$MONTH$DAY.log"); };
+
+destination authlog { file("/var/log/auth.log"); };
+destination _syslog { file("/var/log/syslog"); };
+destination cron { file("/var/log/cron.log"); };
+destination daemon { file("/var/log/daemon.log"); };
+destination kern { file("/var/log/kern.log"); file("/dev/tty12"); };
+destination lpr { file("/var/log/lpr.log"); };
+destination user { file("/var/log/user.log"); };
+destination uucp { file("/var/log/uucp.log"); };
+#destination ppp { file("/var/log/ppp.log"); };
+destination mail { file("/var/log/mail.log"); };
+
+destination avc { file("/var/log/avc.log"); };
+destination audit { file("/var/log/audit.log"); };
+destination pax { file("/var/log/pax.log"); };
+destination grsec { file("/var/log/grsec.log"); };
+
+destination mailinfo { file("/var/log/mail.info"); };
+destination mailwarn { file("/var/log/mail.warn"); };
+destination mailerr { file("/var/log/mail.err"); };
+
+destination newscrit { file("/var/log/news/news.crit"); };
+destination newserr { file("/var/log/news/news.err"); };
+destination newsnotice { file("/var/log/news/news.notice"); };
+
+destination debug { file("/var/log/debug"); };
+destination messages { file("/var/log/messages"); };
+destination console { usertty("root"); };
+destination console_all { file("/dev/tty12"); };
+#destination loghost { udp("loghost" port(999)); };
+
+destination xconsole { pipe("/dev/xconsole"); };
+
+filter f_auth { facility(auth); };
+filter f_authpriv { facility(auth, authpriv); };
+filter f_syslog { not facility(authpriv, mail); };
+filter f_cron { facility(cron); };
+filter f_daemon { facility(daemon); };
+filter f_kern { facility(kern); };
+filter f_lpr { facility(lpr); };
+filter f_mail { facility(mail); };
+filter f_user { facility(user); };
+filter f_uucp { facility(uucp); };
+#filter f_ppp { facility(ppp); };
+filter f_news { facility(news); };
+filter f_debug { not facility(auth, authpriv, news, mail); };
+filter f_messages { level(info..warn)
+	and not facility(auth, authpriv, mail, news); };
+filter f_emergency { level(emerg); };
+
+filter f_info { level(info); };
+
+filter f_notice { level(notice); };
+filter f_warn { level(warn); };
+filter f_crit { level(crit); };
+filter f_err { level(err); };
+
+filter f_avc { message(".*avc: .*"); };
+filter f_audit { message("^(\\[.*\..*\] |)audit.*") and not message(".*avc: .*"); };
+filter f_pax { message("^(\\[.*\..*\] |)PAX:.*"); };
+filter f_grsec { message("^(\\[.*\..*\] |)grsec:.*"); };
+
+log { source(src); filter(f_authpriv); destination(authlog); };
+log { source(src); filter(f_syslog); destination(_syslog); };
+log { source(src); filter(f_cron); destination(cron); };
+log { source(src); filter(f_daemon); destination(daemon); };
+log { source(kernsrc); filter(f_kern); destination(kern); };
+log { source(src); filter(f_lpr); destination(lpr); };
+log { source(src); filter(f_mail); destination(mail); };
+log { source(src); filter(f_user); destination(user); };
+log { source(src); filter(f_uucp); destination(uucp); };
+log { source(kernsrc); filter(f_pax); destination(pax); };
+log { source(kernsrc); filter(f_grsec); destination(grsec); };
+log { source(kernsrc); filter(f_audit); destination(audit); };
+log { source(kernsrc); filter(f_avc); destination(avc); };
+log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };
+log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };
+log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };
+log { source(src); filter(f_news); filter(f_crit); destination(newscrit); };
+log { source(src); filter(f_news); filter(f_err); destination(newserr); };
+log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); };
+log { source(src); filter(f_debug); destination(debug); };
+log { source(src); filter(f_messages); destination(messages); };
+log { source(src); filter(f_emergency); destination(console); };
+#log { source(src); filter(f_ppp); destination(ppp); };
+log { source(src); destination(console_all); };
diff --git a/app-admin/syslog-ng/files/syslog-ng.confd b/app-admin/syslog-ng/files/syslog-ng.confd
new file mode 100644
index 0000000..170862f
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.confd
@@ -0,0 +1,6 @@
+# Config file for /etc/init.d/syslog-ng
+
+# Put any additional options for syslog-ng here.
+# See syslog-ng(8) for more information.
+
+SYSLOG_NG_OPTS=""
diff --git a/app-admin/syslog-ng/files/syslog-ng.logrotate b/app-admin/syslog-ng/files/syslog-ng.logrotate
new file mode 100644
index 0000000..e982686
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.logrotate
@@ -0,0 +1,13 @@
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate,v 1.3 2008/10/15 20:46:12 mr_bones_ Exp $
+#
+# Syslog-ng logrotate snippet for Gentoo Linux
+# contributed by Michael Sterrett
+#
+
+/var/log/messages {
+    missingok
+    sharedscripts
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
diff --git a/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened b/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened
new file mode 100644
index 0000000..b743b14
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened
@@ -0,0 +1,76 @@
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.logrotate.hardened,v 1.3 2010/04/05 22:19:33 zorry Exp $
+#
+# Syslog-ng logrotate snippet for Hardened Gentoo Linux
+# contributed by Maciej Grela
+#
+# Updated bug #284669
+
+# Generic
+/var/log/debug /var/log/syslog /var/log/kern.log {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# System services
+/var/log/cron.log /var/log/daemon.log /var/log/lpr.log /var/log/uucp.log {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# User log
+/var/log/user.log {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# News system
+/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# Mail system
+/var/log/mail.log /var/log/mail.info /var/log/mail.err /var/log/mail.warn {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# Hardened logs
+/var/log/avc.log /var/log/audit.log /var/log/pax.log /var/log/grsec.log {
+    sharedscripts
+    missingok
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# Authentication
+/var/log/auth.log {
+    sharedscripts
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
+
+# the rest
+/var/log/messages {
+    sharedscripts
+    postrotate
+        /etc/init.d/syslog-ng reload > /dev/null 2>&1 || true
+    endscript
+}
diff --git a/app-admin/syslog-ng/files/syslog-ng.rc6.3 b/app-admin/syslog-ng/files/syslog-ng.rc6.3
new file mode 100644
index 0000000..7bd8120
--- /dev/null
+++ b/app-admin/syslog-ng/files/syslog-ng.rc6.3
@@ -0,0 +1,60 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.rc6.3,v 1.1 2010/04/06 02:11:35 mr_bones_ Exp $
+
+opts="checkconfig reload"
+
+depend() {
+	# Make networking dependency conditional on configuration
+	case $(sed 's/#.*//' /etc/syslog-ng/syslog-ng.conf) in
+		*source*tcp*|*source*udp*|*destination*tcp*|*destination*udp*)
+			need net
+			use stunnel ;;
+	esac
+
+	config /etc/syslog-ng/syslog-ng.conf
+	use clock
+	need hostname localmount
+	provide logger
+}
+
+checkconfig() {
+	if [ ! -e /etc/syslog-ng/syslog-ng.conf ] ; then
+		eerror "You need to create /etc/syslog-ng/syslog-ng.conf first."
+		eerror "An example can be found in /etc/syslog-ng/syslog-ng.conf.sample"
+		return 1
+	fi
+	syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf
+	
+	# the start and reload functions have their own eends so 
+	# avoid calling this twice when there are no problems
+	[ $? -eq 0 ] || eend $? "Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)"
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting syslog-ng"
+	[ -n "${SYSLOG_NG_OPTS}" ] && SYSLOG_NG_OPTS="-- ${SYSLOG_NG_OPTS}"
+	start-stop-daemon --start --pidfile /var/run/syslog-ng.pid --exec /usr/sbin/syslog-ng ${SYSLOG_NG_OPTS}
+	eend $? "Failed to start syslog-ng"
+}
+
+stop() {
+	ebegin "Stopping syslog-ng"
+	start-stop-daemon --stop --pidfile /var/run/syslog-ng.pid
+	eend $? "Failed to stop syslog-ng"
+	sleep 1 # needed for syslog-ng to stop in case we're restarting
+}
+
+reload() {
+	if [ ! -f /var/run/syslog-ng.pid ]; then
+		eerror "syslog-ng isn't running"
+		return 1
+	fi
+	checkconfig || return 1
+	ebegin "Reloading configuration and re-opening log files"
+	start-stop-daemon --stop --oknodo --signal HUP \
+	    --pidfile /var/run/syslog-ng.pid
+	eend $?
+}
diff --git a/app-admin/syslog-ng/syslog-ng-3.2.4-r1.ebuild b/app-admin/syslog-ng/syslog-ng-3.2.4-r1.ebuild
new file mode 100644
index 0000000..ac0bace
--- /dev/null
+++ b/app-admin/syslog-ng/syslog-ng-3.2.4-r1.ebuild
@@ -0,0 +1,113 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/syslog-ng-3.2.4.ebuild,v 1.9 2011/07/09 17:35:34 xarthisius Exp $
+
+EAPI=2
+inherit autotools fixheadtails eutils multilib
+
+MY_PV=${PV/_/}
+DESCRIPTION="syslog replacement with advanced filtering features"
+HOMEPAGE="http://www.balabit.com/products/syslog_ng/"
+SRC_URI="http://www.balabit.com/downloads/files/syslog-ng/sources/${PV}/source/syslog-ng_${PV}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd"
+IUSE="caps hardened ipv6 +pcre selinux spoof-source sql ssl static tcpd"
+RESTRICT="test"
+
+LIBS_DEPEND="
+	spoof-source? ( net-libs/libnet )
+	ssl? ( dev-libs/openssl )
+	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )
+	!static? ( >=dev-libs/eventlog-0.2.12 )
+	>=dev-libs/glib-2.10.1:2
+	caps? ( sys-libs/libcap )
+	sql? ( >=dev-db/libdbi-0.8.3 )"
+RDEPEND="
+	!static? (
+		pcre? ( dev-libs/libpcre )
+		${LIBS_DEPEND}
+	)"
+DEPEND="${RDEPEND}
+	${LIBS_DEPEND}
+	static? ( >=dev-libs/eventlog-0.2.12[static-libs] )
+	dev-util/pkgconfig
+	sys-devel/flex"
+
+src_prepare() {
+	ht_fix_file configure.in
+	eautoreconf
+	epatch "${FILESDIR}"/${P}-use-cap_syslog.patch
+}
+
+src_configure() {
+	local myconf
+
+	if use static ; then
+		myconf="${myconf} --enable-static-linking"
+		if use pcre ; then
+			ewarn "USE=pcre is incompatible with static linking"
+			myconf="${myconf} --disable-pcre"
+		fi
+	else
+			myconf="${myconf} --enable-dynamic-linking"
+	fi
+	econf \
+		--disable-dependency-tracking \
+		--sysconfdir=/etc/syslog-ng \
+		--localstatedir=/var/lib/misc \
+		--with-pidfile-dir=/var/run \
+		--with-module-dir=/usr/$(get_libdir)/syslog-ng \
+		$(use_enable caps linux-caps) \
+		$(use_enable ipv6) \
+		$(use_enable pcre) \
+		$(use_enable spoof-source) \
+		$(use_enable sql) \
+		$(use_enable ssl) \
+		$(use_enable tcpd tcp-wrapper) \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	dodoc AUTHORS ChangeLog NEWS README \
+		doc/examples/{syslog-ng.conf.sample,syslog-ng.conf.solaris} \
+		contrib/syslog-ng.conf* \
+		contrib/syslog2ng "${FILESDIR}/syslog-ng.conf."*
+
+	# Install default configuration
+	insinto /etc/syslog-ng
+	if use hardened || use selinux ; then
+		newins "${FILESDIR}/syslog-ng.conf.gentoo.hardened.${PV%.*}" syslog-ng.conf || die
+	elif use userland_BSD ; then
+		newins "${FILESDIR}/syslog-ng.conf.gentoo.fbsd.${PV%.*}" syslog-ng.conf || die
+	else
+		newins "${FILESDIR}/syslog-ng.conf.gentoo.${PV%.*}" syslog-ng.conf || die
+	fi
+
+	insinto /etc/logrotate.d
+	# Install snippet for logrotate, which may or may not be installed
+	if use hardened || use selinux ; then
+		newins "${FILESDIR}/syslog-ng.logrotate.hardened" syslog-ng || die
+	else
+		newins "${FILESDIR}/syslog-ng.logrotate" syslog-ng || die
+	fi
+
+	newinitd "${FILESDIR}/syslog-ng.rc6.${PV%%.*}" syslog-ng || die
+	newconfd "${FILESDIR}/syslog-ng.confd" syslog-ng || die
+	keepdir /etc/syslog-ng/patterndb.d
+	find "${D}" -type f -name '*.la' -exec rm {} + || die
+}
+
+pkg_postinst() {
+	# bug #355257
+	if ! has_version app-admin/logrotate ; then
+		echo
+		elog "It is highly recommended that app-admin/logrotate be emerged to"
+		elog "manage the log files.  ${PN} installs a file in /etc/logrotate.d"
+		elog "for logrotate to use."
+		echo
+	fi
+}