Red Hat Bugzilla – Bug 248565
logrotate never rotates /var/log/btmp
Last modified: 2007-11-30 17:12:10 EST
Description of problem:
logrotate never rotates /var/log/btmp file, where failed logins are saved.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. try to login as not existing user, for example: ssh -l foo localhost
2. wait until /var/log/btmp is rotated
You die ;-)
After a month of waiting there's /var/log/btmp.1 created and /var/log/btmp is
Because there's a lot of worms that try to brute-force an ssh login this file
can become rather large: on one of my systems it was over 100MB.
This file belongs to initscripts, but I don't think it should create
/etc/logrotate.d/initscripts. /var/log/wtmp also belongs to initscripts but is
rotated in /etc/logrotate.conf:
#rpm -qf /var/log/btmp
#rpm -qf /var/log/wtmp
This bug also affects CentOS5, so it would also probably affect RedHat5. It
affected FC5 so FC6 is probably affected too.
If you'll be fixing this bug please remember that this file should not be
readable by everybody (like wtmp), because occasionally man enters password
instead of login name by mistake.
There's almost the same Bug #117844 which is supposedly fixed in rawhide on
If it was then this is a regression.
You're right. This probably didn't make its way to upstream and got lost during
rebase. Thanks for reporting.
The default configuration now includes /var/log/btmp even in the upstream
version. So the change should not get lost again.
Any chance of seeing this in F7 updates?