Honeypots mailing list archives
roo Bug #316 (2nd try)
From: "Earl Sammons" <esammons () hush com>
Date: Tue, 28 Jun 2005 11:20:26 -0700
1st attempt bounced...

Earl

Return-Path: <esammons () hush com>
Delivered-To: moderator for honeypots () securityfocus com
Received: (qmail 27775 invoked from network); 23 Jun 2005 13:40:03 -0000

All,

If you are running the Honeynet Project's 'roo' Honeywall, you will want to have a look at Bugzilla item #316.

https://bugs.honeynet.org/show_bug.cgi?id=316

Essentially, logrotate fails while attempting to rotate /var/log/messages because we (Well it was my doing ;P) set the "Append Only" attribute bit on the file without setting up a means by which to handle it accordingly.

Two possible fixes...

If you don't care about keeping your Honeywall as close to NIST recommendations as possible, just:

    chattr -a /var/log/messages

and you will be good.

The "lockdown" script (/usr/local/bin/lockdown-hw.sh) is where the append only attrib is being set on first boot of a freshly installed roo. So, if you ever re-run this (good practice) on a roo version <= 1.0.hw-139, it will reset the append only bit again (fyi).

If you prefer to keep things as "NISTIFIED" as possible, I've posted a logrotate config workaround to deal with the attrib stuff. Please see:

https://bugs.honeynet.org/show_bug.cgi?id=316

We appreciate the time people take to detail bugs like this in roo's Bugzilla database. Everyone benefits from the lessons learned.
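Added example, not part of the original message and not the workaround posted to Bugzilla #316: one way a logrotate stanza can handle the append-only bit, by clearing it just before rotation and setting it again on the newly created file. The stanza file name, the rotation schedule, the chattr path and the syslogd pid file path are assumptions.

```conf
# /etc/logrotate.d/messages  (hypothetical file name, constructed for this example)
# Assumes /var/log/messages has been removed from any other logrotate stanza,
# because logrotate reports an error for a log file that is listed twice.
/var/log/messages {
    # Schedule and retention are assumed values; keep whatever the host already uses.
    weekly
    rotate 4
    create 0600 root root
    missingok

    # A file with the append-only attribute cannot be renamed, so rotation
    # fails until the bit is cleared. If chattr fails here, logrotate skips
    # the rotation instead of continuing.
    prerotate
        /usr/bin/chattr -a /var/log/messages
    endscript

    # By the time postrotate runs, logrotate has already created the new,
    # empty /var/log/messages. Set append-only on it again, then tell
    # syslogd to reopen its log file (pid file path is an assumption).
    postrotate
        /usr/bin/chattr +a /var/log/messages
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
```

After a rotation, `lsattr /var/log/messages` should show the `a` flag on the new file. The file is not append-only for the short interval between the prerotate and postrotate scripts.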