Bug 151635 - /var/log/secure spam finding lastlog
/var/log/secure spam finding lastlog
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: util-linux (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karel Zak
Ben Levenson
:
: 152635 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-03-21 04:57 EST by Joe Orton
Modified: 2007-11-30 17:11 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-30 05:57:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joe Orton 2005-03-21 04:57:18 EST
Description of problem:
With a Raw Hide install I'm getting spam in /var/log/secure like:

Mar 21 09:44:23 trash sshd[12324]: Accepted publickey for jorton from
::ffff:172.16.18.90 port 42150 ssh2
Mar 21 09:44:23 trash sshd[12324]: lastlog_perform_login: Couldn't stat
/var/log/lastlog: No such file or directory
Mar 21 09:44:23 trash sshd[12324]: lastlog_openseek: /var/log/lastlog is not a
file or director

Version-Release number of selected component (if applicable):
openssh-3.9p1-12
Comment 1 Tomas Mraz 2005-03-21 05:55:45 EST
This is a regression caused by the fix for bug 139539 in the setup package.

I don't think this is a sshd bug, for example the login binary doesn't work well
with missing lastlog file too (it won't create the file, so the last login
information is lost).

I'd suggest touching the lastlog file in the post install script of the setup
package if it has to be %ghost and not %config.
Comment 2 Bill Nottingham 2005-03-22 23:11:44 EST
This is *theoretically* created by useradd; did the behavior change there?
Comment 3 Tomas Mraz 2005-03-23 03:32:42 EST
If it changed it is not a recent change - on a FC3 box:
root@perun:~# ls -l /var/log/lastlog
-r--------  1 root root 146584 Mar 23 09:04 /var/log/lastlog
root@perun:~# rm /var/log/lastlog
rm: remove regular file `/var/log/lastlog'? y
root@perun:~# useradd testuser2
root@perun:~# ls -l /var/log/lastlog
ls: /var/log/lastlog: No such file or directory
Comment 4 Bill Nottingham 2005-03-23 12:44:40 EST
Unfortunately, setup *cannot* have prereqs, as it would create an unsolvable
dependency loop.

So, the creation would have to be somewhere else. :/

Candidates are shadow-utils, sysklogd, logrotate, util-linux... ?
Comment 5 Tomas Mraz 2005-03-23 14:43:33 EST
I vote for util-linux then as login is a part of the package.

Should the util-linux package also own the file as %ghost?
Comment 6 Bill Nottingham 2005-03-23 15:00:25 EST
If it creates it, probably.
Comment 7 Karel Zak 2005-03-24 02:38:58 EST
The login doesn't create /var/log/lastlog :-(

I don't know how many programs write something to the 'lastlog', but I think
each program that write something to 'lastlog' have to use something like:

  open(PATH_LASTLOG, O_RDWR | O_CREATE, 0)
                              ^^^^^^^^^

Or is there any reason why only (any) install script should be create it? IMHO
it's important file and it should be created always when it missing in system.
Comment 8 Bill Nottingham 2005-03-24 13:40:27 EST
Well, the messages from sshd are from the portions that simply read it to get
the last login time. I suppose you could argue that they could be silenced in
that case, but I don't think making the file is correct there.
Comment 10 Tomas Mraz 2005-03-31 02:09:26 EST
*** Bug 152635 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.