Help me please - what the hell in /var/log ??? logrotate crazyness :(( -rw-r--r-- 1 root root 0 Sep 7 19:30 xinetd.log-20050906 -rw-r--r-- 1 root root 0 Sep 8 19:45 xinetd.log-20050906-20050907 -rw-r--r-- 1 root root 0 Sep 9 20:00 xinetd.log-20050906-20050907-20050908 -rw-r--r-- 1 root root 0 Sep 10 20:15 xinetd.log-20050906-20050907-20050908-20050909 -rw-r--r-- 1 root root 0 Sep 11 20:30 xinetd.log-20050906-20050907-20050908-20050909-20050910 -rw-r--r-- 1 root root 0 Sep 12 20:45 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911 -rw-r--r-- 1 root root 0 Sep 13 21:00 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911-20050912
Quick Shot: rotate daily /var/log/* Btw. logrotate.conf and /etc/logrotate.d would be helpfull. Dirk suse-list schrieb:
Help me please - what the hell in /var/log ??? logrotate crazyness :(( -rw-r--r-- 1 root root 0 Sep 7 19:30 xinetd.log-20050906 -rw-r--r-- 1 root root 0 Sep 8 19:45 xinetd.log-20050906-20050907 -rw-r--r-- 1 root root 0 Sep 9 20:00 xinetd.log-20050906-20050907-20050908 -rw-r--r-- 1 root root 0 Sep 10 20:15 xinetd.log-20050906-20050907-20050908-20050909 -rw-r--r-- 1 root root 0 Sep 11 20:30 xinetd.log-20050906-20050907-20050908-20050909-20050910 -rw-r--r-- 1 root root 0 Sep 12 20:45 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911 -rw-r--r-- 1 root root 0 Sep 13 21:00 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911-20050912
-- xcldsc TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de -------------------------------------------------------- working hard | for your success -------------------------------------------------------- Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl -------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: admin_ips@ipp.kiev.ua, suse-security@suse.com # Dateianhänge: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you
Dear Dirk, This happened to me too (on SuSE 9.3) and I found that it appeared to be caused by a bug in the SuSE-supplied /etc/logrotate.d/xinetd: it contained a wild-card entry so that rotated files got re-rotated. SuSE then released an updated package xinetd-2.3.13-45.2 which claimed to fix the problem, however it still looks bad to me. Bob On Mon, 3 Oct 2005, Dirk Schreiner wrote:
Quick Shot:
rotate daily /var/log/*
Btw. logrotate.conf and /etc/logrotate.d would be helpfull.
Dirk
suse-list schrieb:
Help me please - what the hell in /var/log ??? logrotate crazyness :(( -rw-r--r-- 1 root root 0 Sep 7 19:30 xinetd.log-20050906 -rw-r--r-- 1 root root 0 Sep 8 19:45 xinetd.log-20050906-20050907 -rw-r--r-- 1 root root 0 Sep 9 20:00 xinetd.log-20050906-20050907-20050908 -rw-r--r-- 1 root root 0 Sep 10 20:15 xinetd.log-20050906-20050907-20050908-20050909 -rw-r--r-- 1 root root 0 Sep 11 20:30 xinetd.log-20050906-20050907-20050908-20050909-20050910 -rw-r--r-- 1 root root 0 Sep 12 20:45 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911 -rw-r--r-- 1 root root 0 Sep 13 21:00 xinetd.log-20050906-20050907-20050908-20050909-20050910-20050911-20050912
-- xcldsc
TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de --------------------------------------------------------
working hard | for your success
--------------------------------------------------------
Registergericht München HRB 113466
USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600
Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl
--------------------------------------------------------
Nachricht von: Dirk.Schreiner@tria.de
Nachricht an: admin_ips@ipp.kiev.ua, suse-security@suse.com
# Dateianhänge: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
Hello, Am Montag, 3. Oktober 2005 16:01 schrieb Bob Vickers: [...]
SuSE then released an updated package xinetd-2.3.13-45.2 which claimed to fix the problem, however it still looks bad to me.
Did you restart xinetd after installing the update? [Fullquote moved to /dev/null] Regards, Christian Boltz -- Eine Windows-Kiste als Tor zu Welt - das wäre ja so, als würde man einen Blinden, einen Lahmen und einen Tauben als Wachschutz einsetzen. [Matthias Houdek in suse-linux]
Actually my language was a bit woolly. The problem hasn't recurred so far, but I still think the configuration file looks bad because of the wildcard. We seem to have wandered away from security so anyone interested had better contact me offline. Bob On Mon, 3 Oct 2005, Christian Boltz wrote:
Hello,
Am Montag, 3. Oktober 2005 16:01 schrieb Bob Vickers: [...]
SuSE then released an updated package xinetd-2.3.13-45.2 which claimed to fix the problem, however it still looks bad to me.
Did you restart xinetd after installing the update?
[Fullquote moved to /dev/null]
Regards,
Christian Boltz -- Eine Windows-Kiste als Tor zu Welt - das wäre ja so, als würde man einen Blinden, einen Lahmen und einen Tauben als Wachschutz einsetzen. [Matthias Houdek in suse-linux]
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
============================================================== Bob Vickers R.Vickers@cs.rhul.ac.uk Dept of Computer Science, Royal Holloway, University of London WWW: http://www.cs.rhul.ac.uk/home/bobv Phone: +44 1784 443691
On Mon, Oct 03, 2005 at 05:10:58PM +0100, Bob Vickers wrote:
Actually my language was a bit woolly. The problem hasn't recurred so far, but I still think the configuration file looks bad because of the wildcard.
We seem to have wandered away from security so anyone interested had better contact me offline.
Actually it now has at least the flag "notifempty", so this should not happen anymore. Ciao, Marcus
Hi Bob, Bob Vickers schrieb:
Dear Dirk,
This happened to me too (on SuSE 9.3) and I found that it appeared to be
oh that Version ;-( Consider a update to 10.x. ;-) Suse SCNR.
caused by a bug in the SuSE-supplied /etc/logrotate.d/xinetd: it contained a wild-card entry so that rotated files got re-rotated.
Sounds like my guess.
SuSE then released an updated package xinetd-2.3.13-45.2 which claimed to fix the problem, however it still looks bad to me.
Then you both _really_ should do a tar -cvzf mailfile.tar.gz /etc/logrotate* ; mutt -a mailfile.tar.gz .... Otherwise every additional answer only would be guessing. Dirk REST>> /dev/null TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de -------------------------------------------------------- working hard | for your success -------------------------------------------------------- Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl -------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: R.Vickers@cs.rhul.ac.uk, suse-security@suse.com # Dateianhänge: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you
participants (5)
-
Bob Vickers -
Christian Boltz -
Dirk Schreiner -
Marcus Meissner -
suse-list