Bug 248565 - logrotate never rotates /var/log/btmp
logrotate never rotates /var/log/btmp
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logrotate (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Tomas Smetana
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-17 10:58 EDT by Tomasz Ostrowski
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version: 3.7.6-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-07 07:59:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomasz Ostrowski 2007-07-17 10:58:12 EDT
Description of problem:
logrotate never rotates /var/log/btmp file, where failed logins are saved.

Version-Release number of selected component (if applicable):
logrotate-3.7.5-3.1.fc7

How reproducible:
Always

Steps to Reproduce:
1. try to login as not existing user, for example: ssh -l foo localhost
2. wait until /var/log/btmp is rotated
  
Actual results:
You die ;-)

Expected results:
After a month of waiting there's /var/log/btmp.1 created and /var/log/btmp is
truncated.

Additional info:
Because there's a lot of worms that try to brute-force an ssh login this file
can become rather large: on one of my systems it was over 100MB.

This file belongs to initscripts, but I don't think it should create
/etc/logrotate.d/initscripts. /var/log/wtmp also belongs to initscripts but is
rotated in /etc/logrotate.conf:

#rpm -qf /var/log/btmp
initscripts-8.54.1-1
#rpm -qf /var/log/wtmp
initscripts-8.54.1-1

This bug also affects CentOS5, so it would also probably affect RedHat5. It
affected FC5 so FC6 is probably affected too.

If you'll be fixing this bug please remember that this file should not be
readable by everybody (like wtmp), because occasionally man enters password
instead of login name by mistake.

There's almost the same Bug #117844 which is supposedly fixed in rawhide on
2004-12-13:
https://bugzilla.redhat.com/bugzilla/show_activity.cgi?id=117844
If it was then this is a regression.
Comment 1 Tomas Smetana 2007-08-01 07:17:07 EDT
You're right. This probably didn't make its way to upstream and got lost during
rebase. Thanks for reporting.
Comment 2 Tomas Smetana 2007-08-07 07:59:28 EDT
The default configuration now includes /var/log/btmp even in the upstream
version. So the change should not get lost again.
Comment 3 Jeffrey Hutzelman 2007-08-28 11:13:16 EDT
Any chance of seeing this in F7 updates?

Note You need to log in before you can comment on or make changes to this bug.