Package: logcheck
Version: 1.2.37
Everytime(!) i upgrade debian logcheck i run into the error
that logcheck is trying to generate its lockfile at a
forbidden location.
The error message/mail is a bit missleading too.
When will that error be fixed? (I think i reported it already several
weeks a ago).
As logcheck never runs as "root", that error must
occur on every sane setup system, or?
Why do i not find any reports?
Is it a so common (dangerous) practise to allow every body to
litter "/var/lock" with its private lockfiles? Allowing everybody
to place a link to an unwanted file with the name of
a root lock file? So when root changes the (old) lock, it
changes the "unwanted" file too etc... or it's easy to block root
by placing a lock file with the same name root would test when
everybody can write to "/var/lock".
Decription:
After update logcheck i always get this error mail:
------------------------------------------------------------
Warning: If you are seeing this message, your log files may not have been
checked!
Details:
Failed to get lockfile: /var/lock/logcheck.lock
Check temporary directory:
declare -x HOME="/var/lib/logcheck"
declare -x LOGNAME="logcheck"
declare -x MAILTO="root"
declare -x OLDPWD
declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
declare -x PWD="/var/lib/logcheck"
declare -x SHELL="/bin/sh"
declare -x SHLVL="2"
-----------------------------------------------------------------------
Solution:
you must edit the script(!) as logcheck has as security flaw
and tries to place it's lock file under /var/lock/ which is
-of course- only allowed for root!
You must create a directory "logcheck" under /var/lock/
mkdir /var/lock/logcheck
chown logcheck:logcheck /var/lock/logcheck
chmod 755 /var/lock/logcheck
# ll /var/lock/logcheck/
total 8
drwxr-xr-x 2 logcheck logcheck 4096 Apr 16 16:02 .
drwxr-xr-x 5 root root 4096 Apr 16 06:37 ..
And edit the script(!) like this:
[23:29:49]yoda:/etc/logcheck# diff -Nau /usr/sbin/logcheck
/usr/sbin/logcheck.ori
--- /usr/sbin/logcheck 2005-04-16 23:29:36.000000000 +0200
+++ /usr/sbin/logcheck.ori 2005-04-03 01:00:14.000000000 +0200
@@ -81,7 +81,7 @@
SORTUNIQ=0
SUPPORT_CRACKING_IGNORE=0
SYSLOGSUMMARY=0
-LOCKFILE="/var/lock/logcheck/logcheck"
+LOCKFILE="/var/lock/logcheck"
# Carry out the clean up tasks
cleanup() {
--------------------------------------------------------------
Maybe it would ease use a lot if "LOCKFILE" is
set in /etc/logcheck/logcheck.conf too?
HTH
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
