Red Hat Bugzilla – Bug 248565
logrotate never rotates /var/log/btmp
Last modified: 2007-11-30 17:12:10 EST
Description of problem: logrotate never rotates /var/log/btmp file, where failed logins are saved. Version-Release number of selected component (if applicable): logrotate-3.7.5-3.1.fc7 How reproducible: Always Steps to Reproduce: 1. try to login as not existing user, for example: ssh -l foo localhost 2. wait until /var/log/btmp is rotated Actual results: You die ;-) Expected results: After a month of waiting there's /var/log/btmp.1 created and /var/log/btmp is truncated. Additional info: Because there's a lot of worms that try to brute-force an ssh login this file can become rather large: on one of my systems it was over 100MB. This file belongs to initscripts, but I don't think it should create /etc/logrotate.d/initscripts. /var/log/wtmp also belongs to initscripts but is rotated in /etc/logrotate.conf: #rpm -qf /var/log/btmp initscripts-8.54.1-1 #rpm -qf /var/log/wtmp initscripts-8.54.1-1 This bug also affects CentOS5, so it would also probably affect RedHat5. It affected FC5 so FC6 is probably affected too. If you'll be fixing this bug please remember that this file should not be readable by everybody (like wtmp), because occasionally man enters password instead of login name by mistake. There's almost the same Bug #117844 which is supposedly fixed in rawhide on 2004-12-13: https://bugzilla.redhat.com/bugzilla/show_activity.cgi?id=117844 If it was then this is a regression.
You're right. This probably didn't make its way to upstream and got lost during rebase. Thanks for reporting.
The default configuration now includes /var/log/btmp even in the upstream version. So the change should not get lost again.
Any chance of seeing this in F7 updates?