Logcheck users - Jun 2010 - Installing and running logcheck on CentOS

I've installed logcheck on CentOS from source, as well as liblockfile
and lockfile-progs.

I've created a logcheck user with /var/lib/logcheck as the home and
/sbin/nologin as the shell. logcheck user is in the adm group. I also
customised the list of logfiles for CentOS. When I run logcheck, I get
the following errors:

# sudo -u logcheck logcheck -ot
basename: invalid option -- -
Try `basename --help' for more information.
basename: invalid option -- -
Try `basename --help' for more information.
basename: invalid option -- -
Try `basename --help' for more information.
basename: invalid option -- -
Try `basename --help' for more information.
basename: invalid option -- -
Try `basename --help' for more information.
Error: Could not run logtail or save output.
System Events
=-=-=-=-=-=-File /var/log/secure cannot be read: Permission denied

/usr/sbin/logcheck: line 100: kill: (7519) - No such process

Am Friday 25 June 2010 09:49:20 schrieb Robert
Rothenberg:
> I've installed logcheck on CentOS from source, as well as liblockfile
> and lockfile-progs.
Which versions did you use? I've successfully installed logcheck on a CentOS
5
box a few months ago. I've used liblockfile_1.08, lockfile-procs-0.1.10 and 
logcheck_1.2.45. I remember, that I 've to modify /usr/sbin/logcheck because
it relays on run-parts which is very broken in CentOS. (It is not realy 
broken, but they reinvented the wheel instead of porting the debian 
run-parts. The result is a very bad. One answer to solve a lot of Problems 
with CentOS is: switch to Debian ;-) )
>
> I've created a logcheck user with /var/lib/logcheck as the home and
> /sbin/nologin as the shell. logcheck user is in the adm group. I also
> customised the list of logfiles for CentOS. When I run logcheck, I get
> the following errors:
>
> # sudo -u logcheck logcheck -ot
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> Error: Could not run logtail or save output.
> System Events
> =-=-=-=-=-=-> File /var/log/secure cannot be read: Permission denied
 /var/log/secure should be readable by adm. This is not default on CentOS. 
Default is a mode of 600 for root. (again: silly CentOS)

I just loocked into the code of /usr/sbin/logcheck and found the first 
occurence of basename in exact this position where I patched logcheck because 
of the bad run-parts implementation.

the code which is not working is:

$(run-parts --list $dir)

I've replaced it with a "work around":

$(find $dir -maxdepth 1 -type f -regex ^${dir}[/]*[a-z0-9][a-z0-9]*$)

It is not the same as a working run-parts but works for me.

Good luck in trying to make logcheck work on CentOS.

Best regards,

Hubert

-- 
Hubert Krause
Risk & Fraud Division
INFORM GmbH, Pascalstra?e 23, 52076 Aachen, Germany
Phone: +49 24 08 - 94 56 5145
E-Mail: hubert.krause at inform-ac.com, Web: http://www.inform-ac.com
INFORM Institut fuer Operations Research und Management GmbH
Registered AmtsG Aachen HRB1144 Gfhr. Adrian Weiler