[Logcheck-devel] Bug#488212: denial-of-service (DOS) attack by anyone with syslog access (e.g. logger(1))

Simon Waters simon at technocool.net
Tue Oct 26 07:08:17 UTC 2010


Package: logcheck
Version: 1.3.13
Severity: normal


Hit related issue, with USB device errors causing extremely large syslog and kern.log files. Results in logcheck consuming excessive CPU.

Whilst there are many easy workarounds, and perhaps this should be fixed with the kernel logging or in syslogd, it occurred to me that logcheck should have a maximum file size limit at which it refuses to process the log.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser                       3.112      add and remove users and groups
ii  cron                          3.0pl1-115 process scheduling daemon
ii  lockfile-progs                0.1.15     Programs for locking and unlocking
ii  logtail                       1.3.13     Print log file lines that have not
ii  mime-construct                1.11       construct/send MIME messages from 
ii  postfix [mail-transport-agent 2.7.1-1    High-performance mail transport ag
ii  rsyslog [system-log-daemon]   4.6.4-1    enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.3.13     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
2 0,12 * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi

/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information
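
The size limit proposed in this report could be applied as a pre-flight check before any log file is read. The sketch below is an added example, not part of the original report and not logcheck's own code; `filter_logfiles` and `MAX_LOG_BYTES` are hypothetical names, and the list file is assumed to hold one log path per line with `#` comments, in the style of logcheck.logfiles.

```shell
#!/bin/sh
# Added example: hypothetical pre-flight size guard, not part of logcheck.
# MAX_LOG_BYTES and filter_logfiles are illustrative names.

MAX_LOG_BYTES=${MAX_LOG_BYTES:-104857600}   # assumed default: 100 MiB

# filter_logfiles LISTFILE
# Reads one log path per line (blank lines and '#' comments are skipped).
# Paths at or under the limit are printed on stdout for further processing;
# oversized, missing or unreadable paths are reported on stderr so that the
# refusal itself is visible to whoever receives the cron mail.
# Exit status: 0 if no file was refused for size, 1 otherwise.
filter_logfiles() {
    list=$1
    refused=0
    while IFS= read -r path || [ -n "$path" ]; do
        case $path in
            ''|'#'*) continue ;;
        esac
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "skip: $path (missing or unreadable)" >&2
            continue
        fi
        # Size in bytes; tr strips the padding some wc implementations add.
        size=$(wc -c < "$path" | tr -d ' ')
        if [ "$size" -gt "$MAX_LOG_BYTES" ]; then
            echo "refused: $path is $size bytes (limit $MAX_LOG_BYTES)" >&2
            refused=1
        else
            printf '%s\n' "$path"
        fi
    done < "$list"
    return "$refused"
}
```

A non-zero exit status lets the caller raise a separate alert, since a log that was refused for size is also a log that was not checked.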




