From owner-freebsd-questions@FreeBSD.ORG Wed Jan 14 10:19:27 2015
Date: Wed, 14 Jan 2015 11:19:09 +0100 (CET)
From: Trond Endrestøl
To: Olivier Nicole
Cc: freebsd-questions@freebsd.org
Subject: Re: Rotating freeradius log

On Wed, 14 Jan 2015 16:49+0700, Olivier Nicole wrote:

> Hi,
>
> Is there a way to use newsyslog to rotate freeradius accounting logs?
>
> Freeradius creates accounting logs of the form
> /var/log/radacct/IP-ADDRESS/reply-detail-DATE and
> /var/log/radacct/IP-ADDRESS/auth-detail-DATE
>
> Is there a way to configure newsyslog to remove the files that are older
> than X days?
>
> /var/log/radacct/*/* is not working in /etc/newsyslog.conf

How about creating an entry in /etc/crontab, executing:

/usr/bin/find /var/log/radacct -mtime +7d -delete

The example above deletes everything older than 7 days. See find(1)
for more information; the documentation for the -mtime option refers
to the documentation for the -atime option.

We can refine the example to only cover (ordinary) files:

/usr/bin/find /var/log/radacct -type f -mtime +7d -delete

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob. 952 62 567,         | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+

From owner-freebsd-questions@FreeBSD.ORG Wed Jan 14 21:36:58 2015
From: Florian Heigl
Subject: https://svn0.eu.freebsd.org self signed Cert
Message-Id: <397D5A8E-6497-4015-9D61-3D196EF22ADE@gmail.com>
Date: Wed, 14 Jan 2015 23:36:53 +0200
To: freebsd-questions@freebsd.org

Hi,

I wonder if this has been brought up before but didn't see anything
about it.

The EU SVN mirror is running a self-signed cert, while the US one is
running with a publicly accepted cert.

The documentation has the fingerprint for the certificate; it can be
found at:
https://www.freebsd.org/doc/handbook/svn.html

Honestly it would be a lot easier to simply use a valid and public
certificate for each of the SVN mirrors.
By now we should all have learned that any, really any slight chance of
attack is being abused.

With a self-signed cert we offload the problem to all users to actually
verify the cert each time they do a fresh checkout.

Even better, with a self-signed cert we won't have any CRL support,
right? Or is there a CRL provided for them?
(Disclaimer, mostly this depends on that feature "ever" being added
to SVN anyway)

I hope this plea reaches the right set of eyes for consideration.
Since the SVN page asks to send any questions to -questions instead of
mirrors/infra, I'm sending it here.

tl;dr

Please: ditch any self signed certs from freebsd source and build infra
chain.
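
The manual step described in the message above, checking a self-signed certificate against a fingerprint published in documentation on every fresh checkout, can be automated as a pin check. This is an added example, not part of the original post and not FreeBSD or Subversion tooling; the function names and SAMPLE_DER are made up for illustration, and the pin is assumed to have been copied by hand from the documentation.

```python
import hashlib
import hmac
import socket
import ssl

ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}  # digest inferred from pin length
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"  # not a real cert


def format_fingerprint(der_cert: bytes, algo: str = "sha256") -> str:
    """Render a digest the way documentation prints it: AA:BB:CC:..."""
    digest = hashlib.new(algo, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_pin(pin: str) -> str:
    """Strip separators and case; reject truncated or non-hex pins."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or set(cleaned) - set("0123456789abcdef"):
        raise ValueError("pin must be a full SHA-1 or SHA-256 hex fingerprint")
    return cleaned


def cert_matches_pin(der_cert: bytes, pin: str) -> bool:
    """Hash the DER certificate and compare it with the pin in constant time."""
    expected = normalize_pin(pin)
    actual = hashlib.new(ALGO_BY_HEX_LEN[len(expected)], der_cert).hexdigest()
    return hmac.compare_digest(actual, expected)


def fetch_der_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the leaf certificate with CA validation off.

    A self-signed certificate has no CA path to validate, so the pin
    comparison in verify_mirror() is the only trust decision made.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_mirror(host: str, pin: str) -> None:
    """Raise unless the live certificate matches the out-of-band pin."""
    if not cert_matches_pin(fetch_der_cert(host), pin):
        raise ssl.SSLError(f"{host}: certificate fingerprint mismatch")
```

A pin carries no revocation signal: if the server key is replaced, the published fingerprint has to change and every client's pin with it.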