logcheck doesn't work anymore
Marco Beishuizen
mbeis at xs4all.nl
Sat Sep 13 00:51:22 UTC 2008
On Fri, 12 Sep 2008 18:02:37 -0400
Greg Larkin <glarkin at freebsd.org> wrote:
> Hi Marco,
>
> Right you are! In fact, after my initial logcheck commit, someone
> opened a PR stating something very similar to what you noted:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/127255
>
> The submitter's point is that the logcheck user should not be part of
> the wheel group, since that also confers the ability to su to root and
> read many files that should be private.
>
> A patch has been committed very recently to remove the logcheck user
> from the wheel group and change the verbiage in pkg-message:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-install.in.diff?r1=1.1;r2=1.2
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/logcheck/files/pkg-message.in.diff?r1=1.1;r2=1.2
>
> Any file that needs to be analyzed by logcheck will now have to be
> readable by the logcheck group instead of the wheel group.
>
> Best regards,
> Greg
> - --
> Greg Larkin
I upgraded to the latest version today and now there is a separate
logcheck group. But logcheck still only works when the logfiles have
permission 644. Most of them had permissions set to 600 but then I get
the same error messages as before.
Or should I change the owner of all logfiles from root to logcheck and
then the permissions back to 600?
Regards,
Marco
--
I'd rather just believe that it's done by little elves running around.
More information about the freebsd-questions
mailing list