[Logcheck-devel] Bug#304978: marked as done (Failed to get lockfile: /var/lock/logcheck.lock)
Debian Bug Tracking System
owner at bugs.debian.org
Tue Apr 19 04:18:11 UTC 2005
Your message dated Tue, 19 Apr 2005 00:02:12 -0400
with message-id <E1DNjwC-0002G1-00 at newraff.debian.org>
and subject line Bug#304978: fixed in logcheck 1.2.38
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Apr 2005 22:05:01 +0000
>From UseNet-Posting-Nospam-74308- at zocki.toppoint.de Sat Apr 16 15:05:01 2005
Return-path: <UseNet-Posting-Nospam-74308- at zocki.toppoint.de>
Received: from archer.toppoint.de (mail.toppoint.de) [195.244.243.1]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DMvPQ-0006Ev-00; Sat, 16 Apr 2005 15:05:01 -0700
Received: (from uucp at localhost)
by mail.toppoint.de (8.11.7p1+Sun/8.11.7) id j3GM4w301033
for submit at bugs.debian.org; Sun, 17 Apr 2005 00:04:58 +0200 (MEST)
>Received: by zocki.toppoint.de (CrossPoint/FreeXP v3.40 RC3 (EMS) @ 3108030130 R/C6515);
17 Apr 2005 00:03:55 +0200
Date: 17 Apr 2005 00:03:00 +0200
From: Rainer Zocholl <UseNet-Posting-Nospam-74308- at zocki.toppoint.de>
To: <submit at bugs.debian.org>
Message-ID: <9V3Nq436gjB at zocki.toppoint.de>
Subject: Failed to get lockfile: /var/lock/logcheck.lock
X-Mailer: CrossPoint/FreeXP v3.40 RC3 (EMS) @ 3108030130 R/C6515
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Organization: http://www.toppoint.de
X-ZC-Telefon: V+49-431-5606-550Q V+49-431-562136Q
X-XP-Version: CrossPoint/FreeXP v3.40 RC3 (EMS) @ 3108030130 R/C6515
X-RFC-Converter: E-UUZ/II [FreeXP v3.40.1a RC3] @ 200405292345
Received: from zocki.toppoint.de by archer.toppoint.de; Sun, 17 Apr 2005 00:04 MES
Content-Type: text/plain; charset=US-ASCII
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.3 required=4.0 tests=BAYES_00,HAS_PACKAGE,
MSGID_FROM_MTA_HEADER autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: logcheck
Version: 1.2.37
Everytime(!) i upgrade debian logcheck i run into the error
that logcheck is trying to generate its lockfile at a
forbidden location.
The error message/mail is a bit missleading too.
When will that error be fixed? (I think i reported it already several
weeks a ago).
As logcheck never runs as "root", that error must
occur on every sane setup system, or?
Why do i not find any reports?
Is it a so common (dangerous) practise to allow every body to
litter "/var/lock" with its private lockfiles? Allowing everybody
to place a link to an unwanted file with the name of
a root lock file? So when root changes the (old) lock, it
changes the "unwanted" file too etc... or it's easy to block root
by placing a lock file with the same name root would test when
everybody can write to "/var/lock".
Decription:
After update logcheck i always get this error mail:
------------------------------------------------------------
Warning: If you are seeing this message, your log files may not have been
checked!
Details:
Failed to get lockfile: /var/lock/logcheck.lock
Check temporary directory:
declare -x HOME="/var/lib/logcheck"
declare -x LOGNAME="logcheck"
declare -x MAILTO="root"
declare -x OLDPWD
declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
declare -x PWD="/var/lib/logcheck"
declare -x SHELL="/bin/sh"
declare -x SHLVL="2"
-----------------------------------------------------------------------
Solution:
you must edit the script(!) as logcheck has as security flaw
and tries to place it's lock file under /var/lock/ which is
-of course- only allowed for root!
You must create a directory "logcheck" under /var/lock/
mkdir /var/lock/logcheck
chown logcheck:logcheck /var/lock/logcheck
chmod 755 /var/lock/logcheck
# ll /var/lock/logcheck/
total 8
drwxr-xr-x 2 logcheck logcheck 4096 Apr 16 16:02 .
drwxr-xr-x 5 root root 4096 Apr 16 06:37 ..
And edit the script(!) like this:
[23:29:49]yoda:/etc/logcheck# diff -Nau /usr/sbin/logcheck /usr/sbin/logcheck.ori
--- /usr/sbin/logcheck 2005-04-16 23:29:36.000000000 +0200
+++ /usr/sbin/logcheck.ori 2005-04-03 01:00:14.000000000 +0200
@@ -81,7 +81,7 @@
SORTUNIQ=0
SUPPORT_CRACKING_IGNORE=0
SYSLOGSUMMARY=0
-LOCKFILE="/var/lock/logcheck/logcheck"
+LOCKFILE="/var/lock/logcheck"
# Carry out the clean up tasks
cleanup() {
--------------------------------------------------------------
Maybe it would ease use a lot if "LOCKFILE" is
set in /etc/logcheck/logcheck.conf too?
HTH
---------------------------------------
Received: (at 304978-close) by bugs.debian.org; 19 Apr 2005 04:09:42 +0000
>From katie at ftp-master.debian.org Mon Apr 18 21:09:42 2005
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DNk3R-0004vh-00; Mon, 18 Apr 2005 21:09:42 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DNjwC-0002G1-00; Tue, 19 Apr 2005 00:02:12 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 304978-close at bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#304978: fixed in logcheck 1.2.38
Message-Id: <E1DNjwC-0002G1-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Tue, 19 Apr 2005 00:02:12 -0400
Delivered-To: 304978-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 3
Source: logcheck
Source-Version: 1.2.38
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.2.38_all.deb
to pool/main/l/logcheck/logcheck-database_1.2.38_all.deb
logcheck_1.2.38.dsc
to pool/main/l/logcheck/logcheck_1.2.38.dsc
logcheck_1.2.38.tar.gz
to pool/main/l/logcheck/logcheck_1.2.38.tar.gz
logcheck_1.2.38_all.deb
to pool/main/l/logcheck/logcheck_1.2.38_all.deb
logtail_1.2.38_all.deb
to pool/main/l/logcheck/logtail_1.2.38_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 304978 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Monday, 18 Apr 2005 23:45:00 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.38
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
logcheck - Mails anomalies in the system logfiles to the administrator
logcheck-database - A database of system log rules for the use of log checkers
logtail - Print log file lines that have not been read
Closes: 30088 295352 297995 302678 303176 304978
Changes:
logcheck (1.2.38) unstable; urgency=low
.
maks:
* Generalise postfix rule concerning network_biopair_interop.
* Add rule for ntp message about valid/infalid peers. (Closes #303661)
* Improve rules .PHONY target + add checkpo rule for the translation check.
* Add help target to debian/rules documenting the syntax.
jamie:
* Add rule in violations.ignore.d/logcheck-postfix for postgrey
(Closes: #30088)
* Modify bind notify rule for bind 9.3.x (Closes: #303176)
* Add various workstation kernel/udev rules for removable devices
(Closes: #297995)
* Modify rsync rule to match module names with '.', '-' and '_'.
Thanks to SATOH Fumiyasu <fumiya at samba.gr.jp> for the patch
(Closes: #295352)
* Add nagios rule for UNKNOWN state service notification.
* Modify postfix anvil rule for 'max connection' statistics
messages to match smtps connections too.
* Add new rules for policyd, a postfix policy daemon.
* Add more postfix rules for certificate verification failure
messages.
* Add new rules for postfix scache (connection cache server).
* Add rule for bind 9.3 'unexpected RCODE' messages.
* Modify dnsmasq rule to match '/var/run/dnsmasq/resolv.conf'
too. (Closes: #302678)
todd:
* Change lockfile location from /var/lock/logcheck to
/var/lock/logcheck/logcheck (Thanks Rainer Zocholl) to avoid
potential DoS condition. (Closes: #304978)
* Make lockfile debug messages refer to the correct files.
* Add note about dh_installlogcheck permissions. (See #302379)
Files:
a040986cd3efb1bc4b4b273ed4a0e635 703 admin optional logcheck_1.2.38.dsc
d82a1faa4198dfa7900e518f8b3581d3 94121 admin optional logcheck_1.2.38.tar.gz
520c27384c61dc06f55a9698c42b7bbf 44576 admin optional logcheck_1.2.38_all.deb
70e46d26fa902d29668d16f1f7186af4 61472 admin optional logcheck-database_1.2.38_all.deb
6931679c977e9f6025ebbd4e7ccca586 27374 admin optional logtail_1.2.38_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCZH8R4u3oQ3FHP2YRAlR7AJ9f78c4NhflMsODo+Ov+/zR5bWNZACeJy+n
3OqLY4B4e4FxveJ3bkIPBUU=
=riHA
-----END PGP SIGNATURE-----
More information about the Logcheck-devel
mailing list