[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Syslog bugs in cfengine 2.0.3
|
From: |
David Douthitt |
|
Subject: |
Syslog bugs in cfengine 2.0.3 |
|
Date: |
Wed, 18 Sep 2002 09:30:30 -0500 |
|
User-agent: |
Mutt/1.4i |
First, running cfengine -nv puts entries into the syslog
exactly the same as if it wasn't. There's no way to tell
that what cfengine says happened really didn't.
This could be serious trouble if the logs are called into
court on a hacking case. What if you can't trust your
logs?
Secondly, the syslog entries look like this:
Sep 18 00:02:40 myhost cfengine:myhost[11730]: /var/cfengine/bin/installrpm had
permission 700, changed it to 755
Sep 18 00:02:40 myhost cfengine:myhost[11730]: /var/cfengine/bin/removerpm had
permission 700, changed it to 755
Sep 18 00:02:40 myhost cfengine:myhost[11730]: /var/cfengine/bin/startservice
had permission 700, changed it to 755
In another case, it looked like this:
Sep 18 09:15:31 myhost myhost.mydomain[13742]: Rereading config files
/var/cfengine/inputs/cfservd.conf..
Sep 18 09:15:31 myhost myhost.mydomain[13742]: cfservd Multithreaded version
These logs should look like:
Sep 18 00:02:40 myhost cfengine[11730]: /var/cfengine/bin/installrpm had
permission 700, changed it to 755
Sep 18 00:02:40 myhost cfengine[11730]: /var/cfengine/bin/removerpm had
permission 700, changed it to 755
Sep 18 00:02:40 myhost cfengine[11730]: /var/cfengine/bin/startservice had
permission 700, changed it to 755
...and this should not be settable; I like the
cfengine:host output for standard output, but it's not
for the logs.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- Syslog bugs in cfengine 2.0.3,
David Douthitt <=