Hi all What should permissions and ownerships for files under /var/log be?
I have the following: (really long list) /var/log/: total 4281 drwxr-xr-x 2 root root 1024 Jan 14 02:26 apache -rw-r----- 1 root adm 120381 Feb 1 19:08 auth.log -rw-r----- 1 root adm 50427 Jan 14 02:30 auth.log.0 -rw-r----- 1 root adm 9422 Jan 7 03:24 auth.log.1.gz -rw-r----- 1 root adm 15228 Dec 31 13:54 auth.log.2.gz -rw-r----- 1 root adm 28811 Nov 19 06:26 auth.log.3.gz -rw------- 1 root root 10 Jan 6 18:02 auth.log.offset -rw-rw-r-- 1 root utmp 3840 Jan 27 11:01 btmp -rw-rw-r-- 1 root utmp 768 Dec 30 12:21 btmp.1 -rw-r----- 1 root adm 161134 Feb 1 19:07 daemon.log -rw-r----- 1 root adm 51344 Jan 14 02:21 daemon.log.0 -rw-r----- 1 root adm 6847 Jan 7 03:10 daemon.log.1.gz -rw-r----- 1 root adm 36185 Dec 31 13:34 daemon.log.2.gz -rw-r----- 1 root adm 72215 Nov 19 06:10 daemon.log.3.gz -rw------- 1 root root 10 Jan 6 18:02 daemon.log.offset -rw-r----- 1 root adm 0 Jan 14 02:35 debug -rw-r----- 1 root adm 0 Jan 7 03:25 debug.0 -rw-r----- 1 root adm 28 Dec 31 14:01 debug.1.gz -rw-r----- 1 root adm 311 Dec 9 13:12 debug.2.gz -rw-r----- 1 root adm 325 Aug 20 20:58 debug.3.gz -rw-r--r-- 1 root root 3262 Feb 1 09:49 dmesg drwxr-xr-x 2 mail mail 1024 Jan 20 10:03 exim -rw-r--r-- 1 root root 24168 Feb 1 18:28 faillog -rw-r----- 1 root adm 174773 Feb 1 17:54 kern.log -rw-r----- 1 root adm 90265 Jan 14 02:21 kern.log.0 -rw-r----- 1 root adm 17629 Jan 7 03:10 kern.log.1.gz -rw-r----- 1 root adm 44277 Dec 31 13:31 kern.log.2.gz -rw-r----- 1 root adm 291 Nov 18 20:15 kern.log.3.gz drwxr-xr-x 2 root root 1024 Jan 20 10:04 ksymoops -rw-rw-r-- 1 root utmp 294044 Feb 1 18:59 lastlog -rw-r----- 1 root adm 0 Jan 14 02:35 lpr.log -rw-r----- 1 root adm 0 Jan 7 03:24 lpr.log.0 -rw-r----- 1 root adm 30 Dec 31 14:01 lpr.log.1.gz -rw-r----- 1 root adm 30 Nov 19 06:49 lpr.log.2.gz -rw-r----- 1 root adm 30 Aug 18 21:35 lpr.log.3.gz -rw-r----- 1 root adm 0 Jan 14 02:35 mail.err -rw-r----- 1 root adm 0 Jan 7 03:24 mail.err.0 -rw-r----- 1 root adm 31 Dec 31 14:01 mail.err.1.gz -rw-r----- 1 root adm 31 Nov 19 06:49 mail.err.2.gz -rw-r----- 1 root adm 148 Aug 19 00:03 mail.err.3.gz -rw-r----- 1 root adm 0 Jan 14 02:35 mail.info -rw-r----- 1 root adm 0 Jan 7 03:24 mail.info.0 -rw-r----- 1 root adm 32 Dec 31 14:01 mail.info.1.gz -rw-r----- 1 root adm 32 Nov 19 06:49 mail.info.2.gz -rw-r----- 1 root adm 284 Sep 15 23:07 mail.info.3.gz -rw-r----- 1 root adm 0 Jan 14 02:35 mail.log -rw-r----- 1 root adm 0 Jan 7 03:25 mail.log.0 -rw-r----- 1 root adm 31 Dec 31 14:01 mail.log.1.gz -rw-r----- 1 root adm 31 Nov 19 06:49 mail.log.2.gz -rw-r----- 1 root adm 283 Sep 15 23:07 mail.log.3.gz -rw------- 1 root root 6 Jan 6 18:02 mail.log.offset -rw-r----- 1 root adm 0 Jan 14 02:35 mail.warn -rw-r----- 1 root adm 0 Jan 7 03:24 mail.warn.0 -rw-r----- 1 root adm 32 Dec 31 14:01 mail.warn.1.gz -rw-r----- 1 root adm 32 Nov 19 06:49 mail.warn.2.gz -rw-r----- 1 root adm 149 Aug 19 00:03 mail.warn.3.gz -rw-r----- 1 root adm 189829 Feb 1 19:09 messages -rw-r----- 1 root adm 96139 Jan 14 02:30 messages.0 -rw-r----- 1 root adm 18519 Jan 7 03:19 messages.1.gz -rw-r----- 1 root adm 48772 Dec 31 13:57 messages.2.gz -rw-r----- 1 root adm 533 Nov 19 06:27 messages.3.gz -rw------- 1 root root 11 Jan 6 18:02 messages.offset drwxr-sr-x 2 news news 1024 Aug 18 21:35 news -rw-r--r-- 1 root root 181278 Feb 1 09:55 nmb -rw-r----- 1 root adm 0 Aug 18 22:38 ppp-connect-errors -rw-r----- 1 root adm 2368 Jan 20 10:06 setuid.changes -rw-r----- 1 root adm 2074 Jan 19 20:56 setuid.changes.0 -rw-r----- 1 root adm 448 Jan 18 17:54 setuid.changes.1.gz -rw-r----- 1 root adm 444 Jan 17 19:25 setuid.changes.2.gz -rw-r----- 1 root adm 437 Jan 16 19:55 setuid.changes.3.gz -rw-r----- 1 root adm 440 Jan 15 19:05 setuid.changes.4.gz -rw-r----- 1 root adm 448 Jan 14 02:30 setuid.changes.5.gz -rw-r----- 1 root adm 451 Jan 13 00:36 setuid.changes.6.gz -rw-r----- 1 root root 374205 Jan 20 10:06 setuid.today -rw-r----- 1 root root 374118 Jan 19 20:56 setuid.yesterday -rw-r--r-- 1 root root 216278 Feb 1 18:26 smb -rw-r----- 1 root adm 291245 Feb 1 19:08 syslog -rw-r----- 1 root adm 14133 Jan 20 10:04 syslog.0 -rw-r----- 1 root adm 4279 Jan 19 20:51 syslog.1.gz -rw-r----- 1 root adm 4309 Jan 18 17:53 syslog.2.gz -rw-r----- 1 root adm 5139 Jan 17 19:23 syslog.3.gz -rw-r----- 1 root adm 3934 Jan 16 19:51 syslog.4.gz -rw-r----- 1 root adm 5630 Jan 15 19:02 syslog.5.gz -rw-r----- 1 root adm 6345 Jan 14 02:26 syslog.6.gz -rw------- 1 root root 10 Jan 6 18:02 syslog.offset -rw-r----- 1 root adm 258 Jan 27 11:24 user.log -rw-r----- 1 root adm 0 Jan 7 03:24 user.log.0 -rw-r----- 1 root adm 31 Dec 31 14:01 user.log.1.gz -rw-r----- 1 root adm 149 Dec 25 22:26 user.log.2.gz -rw-r----- 1 root adm 196 Oct 3 20:59 user.log.3.gz -rw-r----- 1 root adm 0 Jan 14 02:35 uucp.log -rw-r----- 1 root adm 0 Jan 7 03:24 uucp.log.0 -rw-r----- 1 root adm 31 Dec 31 14:01 uucp.log.1.gz -rw-r----- 1 root adm 31 Nov 19 06:49 uucp.log.2.gz -rw-r----- 1 root adm 31 Aug 18 21:35 uucp.log.3.gz -rw-rw-r-- 1 root utmp 1296768 Feb 1 19:06 wtmp -rw-rw-r-- 1 root utmp 240384 Jan 1 05:11 wtmp.1 /var/log/apache: total 148 -rw-rw-r-- 1 www-data www-data 72637 Feb 1 18:58 access.log -rw-rw-r-- 1 www-data www-data 21225 Jan 14 02:21 access.log.0 -rw-rw-r-- 1 www-data www-data 1612 Jan 7 02:16 access.log.1.gz -rw-rw-r-- 1 www-data www-data 10716 Dec 31 13:34 access.log.2.gz -rw-rw-r-- 1 www-data www-data 18200 Nov 17 00:43 access.log.3.gz -rw-rw-r-- 1 www-data www-data 7029 Feb 1 09:49 error.log -rw-rw-r-- 1 www-data www-data 6593 Jan 14 02:26 error.log.0 -rw-rw-r-- 1 www-data www-data 572 Jan 7 03:15 error.log.1.gz -rw-rw-r-- 1 www-data www-data 2446 Dec 31 13:54 error.log.2.gz -rw-rw-r-- 1 www-data www-data 3980 Nov 19 06:25 error.log.3.gz /var/log/exim: total 1858 -rw-r----- 1 mail mail 1652165 Feb 1 19:08 mainlog -rw-r----- 1 mail mail 58105 Jan 20 10:03 mainlog.0 -rw-r----- 1 mail mail 18999 Jan 19 20:52 mainlog.1.gz -rw-r----- 1 mail mail 13594 Jan 18 17:52 mainlog.2.gz -rw-r----- 1 mail mail 19734 Jan 17 19:22 mainlog.3.gz -rw-r----- 1 mail mail 20153 Jan 16 19:52 mainlog.4.gz -rw-r----- 1 mail mail 28161 Jan 15 19:03 mainlog.5.gz -rw-r----- 1 mail mail 15304 Jan 14 02:27 mainlog.6.gz -rw-r----- 1 mail mail 4908 Jan 13 00:32 mainlog.7.gz -rw-r----- 1 mail mail 22746 Jan 12 19:54 mainlog.8.gz -rw-r----- 1 mail mail 16579 Jan 11 18:26 mainlog.9.gz -rw-r----- 1 mail mail 0 Jan 20 10:03 paniclog -rw-r----- 1 mail mail 0 Jan 19 20:52 paniclog.0 -rw-r----- 1 mail mail 31 Jan 18 17:52 paniclog.1.gz -rw-r----- 1 mail mail 31 Jan 17 19:22 paniclog.2.gz -rw-r----- 1 mail mail 31 Jan 16 19:52 paniclog.3.gz -rw-r----- 1 mail mail 31 Jan 15 19:03 paniclog.4.gz -rw-r----- 1 mail mail 31 Jan 14 02:27 paniclog.5.gz -rw-r----- 1 mail mail 31 Jan 13 00:32 paniclog.6.gz -rw-r----- 1 mail mail 31 Jan 12 19:54 paniclog.7.gz -rw-r----- 1 mail mail 31 Jan 11 18:26 paniclog.8.gz -rw-r----- 1 mail mail 31 Jan 10 08:29 paniclog.9.gz /var/log/ksymoops: total 88 -r--r--r-- 1 root root 20681 Jan 17 19:24 20010117192428.ksyms -r--r--r-- 1 root root 0 Jan 17 19:24 20010117192428.modules -r--r--r-- 1 root root 20681 Jan 18 17:54 20010118175407.ksyms -r--r--r-- 1 root root 0 Jan 18 17:54 20010118175407.modules -r--r--r-- 1 root root 20681 Jan 19 20:54 20010119205445.ksyms -r--r--r-- 1 root root 0 Jan 19 20:54 20010119205445.modules -r--r--r-- 1 root root 20681 Jan 20 10:04 20010120100459.ksyms -r--r--r-- 1 root root 0 Jan 20 10:04 20010120100459.modules /var/log/news: total 0 -rw-r--r-- 1 root news 0 Aug 18 21:35 news.crit -rw-r--r-- 1 root news 0 Aug 18 21:35 news.err -rw-r--r-- 1 root news 0 Aug 18 21:35 news.notice (Sorry for it being so long; please also excuse the line length :) Anything suspicious / wrong there? How do I change logrotate so that there aren't that many old gzipped files kept? Oh, and is there a program for checking/fixing permissions/ownerships of critical files? Cheers Sven -- Powered by Debian GNU/Linux
