Package: logrotate Version: 3.7-5 Severity: minor File: /etc/logrotate.conf
Current logrotate config defines permissions 0664 for /var/log/btmp. There is a known problem with sshd making unnecessary problems about group permissions on this file, but that aside, isn't this also a bad file to make world-readable? From what I understand, it might contain passwords that were accidentally typed at username prompts. -- Package-specific info: Contents of /etc/logrotate.d total 32 -rw-r--r-- 1 root root 240 2004-11-10 19:00 apache2 -rw-r--r-- 1 root root 384 2004-09-24 17:02 base-config -rw-r--r-- 1 root root 162 2005-03-22 08:25 checksecurity -rw-r--r-- 1 root root 209 2005-05-16 18:04 clamav-daemon -rw-r--r-- 1 root root 215 2005-05-13 05:26 clamav-freshclam -rw-r--r-- 1 root root 1272 2005-02-17 04:15 mailman -rw-r--r-- 1 root root 1116 2005-03-03 07:09 mysql-server -rw-r--r-- 1 root root 134 2004-07-12 11:08 vsftpd -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (50, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.11 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages logrotate depends on: ii base-passwd 3.5.9 Debian base system master password ii cron 3.0pl1-87 management of regular background p ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libpopt0 1.7-5 lib for parsing cmdline parameters -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
