Proc logrotate zacal mazat /var/log/wtmp
Adam Pribyl
pribyl na lowlevel.cz
Čtvrtek Prosinec 3 13:17:18 CET 2015
Jen napady:
1. wtmp neni bezny textovy log, nevim co myslite tim "vytvorim"
/var/log/wtmp, ale ja bych tedy rucne nic nevytvarel, typl bych ze se
vytvori prvnim prihlasenim.
2. logrotate se samozrejme pousti z cronu kazdy den (resp. jak to mate
nastaveno), na soubor si sahne zjisti minsize a ze to je monthly a
nerotuje, ale dela to pokazde.
Podle me vam tedy wtmp odstranuje neco jineho.
On Wed, 2 Dec 2015, Pavel wrote:
> Dobry vecer,
>
> resim dalsi zahadu, Linux Slackware 14, na jednom serveru po vypnuti
> proudu a padu stroje kdyz dosli baterky zacal mizet soubor
> /var/log/wtmp po spusteni /usr/bin/run-parts /etc/cron.daily ve 4:40
> jak je standartni. Zde je logrotate:
>
> #!/bin/sh
> /usr/sbin/logrotate /etc/logrotate.conf
> [ $? != 0 ] && /usr/bin/logger -t logrotate "ALERT - exited abnormally."
>
> konfigurace rovnez standartni:
>
> # /etc/logrotate.conf
> #
> # logrotate is designed to ease administration of systems that generate large
> # numbers of log files. It allows automatic rotation, compression, removal, and
> # mailing of log files. Each log file may be handled daily, weekly, monthly, or
> # when it grows too large.
> #
> # logrotate is normally run daily from root's crontab.
> #
> # For more details, see "man logrotate".
>
> # rotate log files weekly:
> weekly
>
> # keep 4 weeks worth of backlogs:
> rotate 4
>
> # create new (empty) log files after rotating old ones:
> create
>
> # uncomment if you want to use the date as a suffix of the rotated file
> #dateext
>
> # uncomment this if you want your log files compressed:
> #compress
>
> # some packages install log rotation information in this directory:
> include /etc/logrotate.d
>
> # Rotate /var/log/wtmp:
> /var/log/wtmp {
> monthly
> create 0664 root utmp
> minsize 1M
> rotate 1
> }
>
> # Rotate /var/log/btmp:
> /var/log/btmp {
> monthly
> create 0600 root root
> rotate 1
> }
>
>
> Na konci mesice to probehne korektne, ale nechapu proc se to spousti
> kazdy den, kdyz je v konfiguraku napsano "monthly". Bezelo to od
> instalace v pohode a ted kdyz tam vytvorim /var/log/wtmp, druhy den je
> pryc a od cronu email:
>
> Subj: cron for user root /usr/bin/run-parts /etc/cron.daily 1> /dev/null
> error: stat of /var/log/wtmp failed: No such file or directory
>
> Na druhem stroji sem porovnaval, soubory a jsou shodne a toto chovani
> se neprojevuje. Napada nekoho kde hledat chybu ?
>
> Dekuji za nasmerovani
>
> --
> Pavel
>
Další informace o konferenci Linux