Bug 196671 - SECURITY logrotate just keep last month of logs
Summary: SECURITY logrotate just keep last month of logs
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: 5
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-26 12:31 UTC by Sergio Basto
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-06-30 12:16:24 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Sergio Basto 2006-06-26 12:31:38 UTC
My server has been hacking, exploring a flaw in horde (http://www.horde.org/)
My ISP blocked my cable modem. 
I can't prove anything because I just have last month of logs, 
it is fair enough for have last year of logs changing logrotate.conf to 

diff /tmp/logrotate.conf /etc/logrotate.conf
6c6
< rotate 4
---
> rotate 52

Comment 1 Peter Vrabec 2006-06-30 12:16:24 UTC
I think this amount of logs could occupy enough disk space and this option is not suitable for 
most admins.

Comment 2 Sergio Basto 2006-06-30 12:30:55 UTC
I don't agree , if exploiter knows, looks like is my case, just wait one month
and all logs of attack gone.
At least put 2 or 3 months .


Comment 3 Robert Scheck 2006-06-30 12:35:25 UTC
I agree with Peter. Per default only very less people want to have what you're 
expecting as new default. Please remember, that /etc/logrotate.conf is marked as 
configuration file and won't be replaced during update when you modified it.
So /etc/logrotate.conf is a configuration file and provides IMHO well defaults. 
If you don't agree, just change the file to your needs.


Note You need to log in before you can comment on or make changes to this bug.