Displaying 7 results from an estimated 7 matches for "offsetfile".
2005 Oct 29
1
Bug#336265: logrotate detection, possible attack not checked by logcheck
Package: logcheck
Version: 1.2.41
Problem: Logcheck tries to detect whether the log file has been rotated or not by way of file size.
Possible attack:
- current log file (sizeA)
- run logcheck (logcheck/logtail puts inode in offsetfile), offset=sizeA
- [attacker runs attack 1]
- run logrotate
- [attacker runs attack 2]
- run logcheck: it may not detect the rotation and may not check the log for the duration of attack 1.
attack 1: The real attack; the log of this attack will not be checked by logcheck if attack 2 runs successfully.
attack 2 G...
2007 Jan 15
1
Bug#406973: logtail misses lines in rotated file
Package: logtail
Version: 1.2.52
Severity: normal
Tags: patch
Hi,
When a logfile is rotated, logtail misses the lines logged between the
last logtail run and the logfile rotation.
The attached patch allows setting an alternate logfile that logtail tries
to use as the old logfile if the inode has changed.
It can be used as:
logtail -f /var/log/syslog -a /var/log/syslog.1
(Please note that this
2004 Nov 10
1
logtail ignoring information in rotated logs
...4-11-11 02:10:55.000000000 +1030
@@ -21,7 +21,7 @@
use strict;
use warnings;
-my ($size);
+my ($size, $rotsize);
use Getopt::Std;
my %opts = ();
@@ -52,7 +52,7 @@
exit 66;
}
-my ($inode, $ino, $offset) = (0, 0, 0);
+my ($inode, $ino, $offset, $rotatedino) = (0, 0, 0, 0);
unless (not $offsetfile) {
if (open(OFFSET, $offsetfile)) {
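Review bot: `$rotatedino` is declared on the changed `my` line together with the offset-file state (`$inode`, `$ino`, `$offset`), while its companion `$rotsize` is declared separately at file scope next to `$size` in the earlier hunk. Both describe the rotated file, so declaring them together, close to the block that fills them in, would make their scope and purpose easier to follow.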
@@ -82,6 +82,22 @@
print "*************** This could indicate tampering.\n";
}
}
+
+ # Check for the existence of a rotated log
+
+ if ((undef,$rotatedino,undef,undef,undef,undef,undef,$rotsize) = stat "$logfil...
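Review bot: the `stat` call in the new rotated-log check extracts the inode and size through a list padded with `undef` placeholders, which is easy to miscount; taking a slice of the `stat` result at fields 1 and 7 would read more clearly. The rest of the hunk is cut off here, so it is worth confirming that `$rotatedino` is compared against the inode saved in the offset file and that `$offset` does not exceed `$rotsize` before anything is read from the rotated file, given that the context lines just above already warn about possible tampering.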
2005 Jan 11
2
Bug#289801: Logtail should output error messages to stderr, not stdout
...er other users of logtail next time you change
something.
That notwithstanding, since logtail prints its error messages to standard
output, the error message about the incorrect argument format is lost. One
would expect the normal usage of logtail would have been something like:
logtail logfile offsetfile | some_program
With the new version of logtail, this produces an error message to standard
output, which is then sent to 'some_program'. I would claim that the correct
behaviour is to send the message to standard error, so logtail is not
silently broken by installing logtail from sarge....
2004 Jul 12
0
[patch] logtail recheck permissions of offset files
...+101,11 @@
}
print OFFSET "$ino\n$size\n";
close OFFSET;
+
+ # make shure if invoked as root that file remains readable for cronjob
+ my ($login,$pass,$uid,$gid) = getpwnam($user)
+ or print "$user not in passwd file" and exit 73;
+ chown $uid, $gid, $offsetfile;
+
}
exit 0;
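Review bot: the `chown $uid, $gid, $offsetfile;` call runs on the path after `close OFFSET` and its return value is ignored, so a failed ownership change goes unnoticed and a root invocation acts on whatever the path resolves to at that moment. Consider changing ownership on the still-open handle where the platform supports it, checking the result, and guarding the block with an explicit test that the effective UID is root, which the comment implies but the visible lines do not do. The failure message in `print "$user not in passwd file"` also goes to standard output without a newline; sending it to STDERR would keep it out of any pipeline consuming logtail's output.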
2004 Sep 12
2
Bug#271286: minor fix for ignore.d.server/oidentd
Package: logcheck
Version: 1.2.27
Severity: wishlist
hello,
in ignore.d.server/oidentd you have:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
anyway, some oidentd logs don't have a hostname:
oidentd[34562]: Connection from 241.145.24.135:2353
therefore you have to add:
^\w{3} [
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".