Misleading security message output
andrew-freebsd at areilly.bpc-users.org
Sun Apr 17 15:53:52 PDT 2005
On Sun, Apr 17, 2005 at 06:55:27AM -0700, Joshua Tinnin wrote:
> On Wed 13 Apr 05 19:59, Andrew Reilly
> > This could be avoided, perhaps, with a NetBSD-style backup/diff
> > mechanism, or (incompatibly) with daemontools/multilog-style
> > 64-bit time stamps in the log files. It can be worked-around
> > by forcing faster log-file rotations, now that I know about
> > the problem. I can't think of a really good widely-applicable
> > solution, using the existing framework, though.
> I'm not quite sure what you mean. Do you want a way to have the
> timestamp record the year as well, so that you can keep the default
That'd be one way to do it. Multilog, in the daemontools
package gives log messages a timestamp that (implicitly)
includes the date. The NetBSD method, of keeping a "yesterday"
backup of the log files, and diffing against the "now" versions
avoids the problem by making the search for "stuff that happened
since the last log e-mail" explicit. I don't much mind how the
bug is fixed. It would be nice, I think, if the bug fix didn't
amount to a documentation addition along the lines of "in order
for the nightly security messages to work properly, you must
tune the log-file rotation period so that log files are rotated
at least once per year. See newsyslog.conf(5)."
A reasonable bug-fix could be to add a when value of $ML to the
/var/log/messages line of the default /etc/newsyslog.conf. On
most machines that will have no effect, because rotation will
still be triggered by the size field. It will just make the
logic in the nightly security script correct.
More information about the freebsd-stable