Date: Sun, 14 Mar 1999 20:38:24 +0100 (CET)
From: des@flood.ping.uio.no
To: FreeBSD-gnats-submit@freebsd.org
Subject: misc/10589: Incorrect assumptions in /etc/security
Message-ID: <199903141938.UAA91122@niobe.ewox.org>
>Number:         10589
>Category:       misc
>Synopsis:       Incorrect assumptions in /etc/security
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar 14 12:20:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Dag-Erling Smørgrav
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
>Environment:

All FreeBSD releases since 2.2.7

>Description:

/etc/security makes at least two assumptions about /var/log/messages:

 - that it is rotated daily; since it is normally only rotated when it
   reaches 100 kB, /etc/security will report certain items (login
   failures, refused connections) repeatedly until the log is rotated.
   I have a box which has been screaming about the same old login
   failures for more than two weeks.

 - that it contains all log messages from the preceding 24 hours. Since
   the log file can be rotated at any time, perhaps only seconds before
   /etc/security is run, it is entirely possible for /etc/security to
   never report anything at all. For instance, if newsyslog.conf is
   modified so that /var/log/messages is rotated daily (perhaps in an
   attempt to fix the problem described above), and a default
   /etc/crontab is used (which runs the daily maintenance scripts at
   2 am every morning), the security check will only report login
   failures and refused connections which occur between 12 am and 2 am
   every morning.

>How-To-Repeat:

Leave your computer on for a few days. Read root mail.

>Fix:

The solution is left as an exercise to the reader.

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
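Added example (not part of the PR and not FreeBSD's /etc/security): one way to avoid both assumptions is to remember how far the previous run read, as an inode and byte offset, and to finish the rotated file before starting the new one. The function names, the state file, the uncompressed LOG.0 rotation name and the grep pattern are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not FreeBSD's /etc/security. Prints only the bytes appended
# to LOG since the previous run, tracked as "inode offset" in STATE.
# Assumption: a rotated log is kept uncompressed as LOG.0.
inode_of() { ls -i "$1" | awk '{print $1}'; }

new_log_lines() {
    log=$1 state=$2 old_inode='' old_off=0
    if [ -r "$state" ]; then read -r old_inode old_off < "$state"; fi
    cur_inode=$(inode_of "$log")
    cur_size=$(($(wc -c < "$log")))
    if [ -n "$old_inode" ] && [ "$old_inode" != "$cur_inode" ]; then
        # Rotated since the last run: finish the old file first, so nothing
        # logged between the last run and the rotation is lost.
        if [ -r "$log.0" ] && [ "$(inode_of "$log.0")" = "$old_inode" ]; then
            tail -c +"$((old_off + 1))" "$log.0"
        fi
        old_off=0
    elif [ "$cur_size" -lt "$old_off" ]; then
        old_off=0    # truncated in place: start over
    fi
    # Bound the read at the size recorded in STATE, so lines appended while
    # we run are reported next time rather than twice.
    tail -c +"$((old_off + 1))" "$log" | head -c "$((cur_size - old_off))"
    echo "$cur_inode $cur_size" > "$state"
}

# The two report items named in the PR; the pattern itself is an assumption.
security_report() {
    new_log_lines "$1" "$2" | grep -Ei 'login failure|refused connect' || true
}

demo() {   # constructed sample lines, not real log data
    d=$(mktemp -d) && log=$d/messages st=$d/state
    echo 'Mar 14 01:10:00 host login: 1 LOGIN FAILURE ON ttyv0' > "$log"
    echo '--- run 1'; security_report "$log" "$st"
    echo '--- run 2 (nothing new)'; security_report "$log" "$st"
    echo 'Mar 14 23:50:00 host inetd[99]: refused connection from 192.0.2.7' >> "$log"
    mv "$log" "$log.0"; : > "$log"      # rotation just before the next run
    echo '--- run 3 (after rotation)'; security_report "$log" "$st"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the three runs; if more than one rotation happens between runs, the lines in the older generations are still missed.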