conf/165331: periodic security run output gives false positives
after 1 year
Garance A Drosehn
gad at FreeBSD.org
Tue Feb 21 18:50:08 UTC 2012
The following reply was made to PR conf/165331; it has been noted by GNATS.
From: Garance A Drosehn <gad at FreeBSD.org>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: conf/165331: periodic security run output gives false positives
after 1 year
Date: Tue, 21 Feb 2012 12:32:40 -0500
Note that catmsgs() function in periodic/security/800.loginfail
starts off with:
find ${LOG} -name 'auth.log.*' -mtime -2 | [...etc...]
Note the '-mtime -2' on that 'find' command. It is *not* reading
all archived logs on the disk. It is reading all files which have
a last-modified time within 2 days of the time the command is
executed.
It would still be a good idea to do something to fix the problem
as described, but that problem would be fixed by having the log
files rotated just once-per-year. (Or it could be fixed by
including the year in timestamps written to the log files).
--
Garance Alistair Drosehn = gad at gilead.netel.rpi.edu
Senior Systems Programmer or gad at freebsd.org
Rensselaer Polytechnic Institute or drosih at rpi.edu
More information about the freebsd-bugs
mailing list