Bug 196671

Summary: SECURITY logrotate just keep last month of logs
Product: [Fedora] Fedora Reporter: Sergio Basto <sergio>
Component: logrotateAssignee: Peter Vrabec <pvrabec>
Status: CLOSED WONTFIX QA Contact:
Severity: high Docs Contact:
Priority: medium    
Version: 5CC: redhat-bugzilla
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-06-30 12:16:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergio Basto 2006-06-26 12:31:38 UTC 
My server has been hacking, exploring a flaw in horde (http://www.horde.org/)
My ISP blocked my cable modem. 
I can't prove anything because I just have last month of logs, 
it is fair enough for have last year of logs changing logrotate.conf to 

diff /tmp/logrotate.conf /etc/logrotate.conf
6c6
< rotate 4
---
> rotate 52
Comment 1 Peter Vrabec 2006-06-30 12:16:24 UTC 
I think this amount of logs could occupy enough disk space and this option is not suitable for 
most admins.
Comment 2 Sergio Basto 2006-06-30 12:30:55 UTC 
I don't agree , if exploiter knows, looks like is my case, just wait one month
and all logs of attack gone.
At least put 2 or 3 months .
Comment 3 Robert Scheck 2006-06-30 12:35:25 UTC 
I agree with Peter. Per default only very less people want to have what you're 
expecting as new default. Please remember, that /etc/logrotate.conf is marked as 
configuration file and won't be replaced during update when you modified it.
So /etc/logrotate.conf is a configuration file and provides IMHO well defaults. 
If you don't agree, just change the file to your needs.