[Bug 1059854] Re: auth.log is empty
nick parlante
nick.parlante at cs.stanford.edu
Tue Oct 2 22:25:15 UTC 2012
Ok, I've written a short Checkbox style test -- that much I could figure
out. I'm hoping someone with permission to submit new checkbox tests can
wrap this up as a checkbox job. It would be interesting to run it after
each install/upgrade cycle as I suspect that's when this bug happens.
#!/bin/bash
#
# Test that the owner of auth.log is syslog
# This test is meaningless if auth.log does not exist, so the
# dependencies should run this after it has been created.
if [[ -e /var/log/auth.log && `stat -c %U /var/log/auth.log` != "syslog" ]]
then
echo "auth.log is not owned by syslog" >&2
exit 1
else
exit 0
fi
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1059854
Title:
auth.log is empty
Status in “rsyslog” package in Ubuntu:
New
Bug description:
On a fresh 12.04 64 bit machine in the default state + sshd installed,
the auth.log file remained empty, when normally it would fill up with
sshd hacking attempts. The sshd_config was left at its default, which
should record login failures.
I have figured out a workaround, which is probably a good clue about
the underlying bug.
It turns out that the permissions of auth.log were: messagebus
(owner) adm (group)
doing a
sudo chown syslog /etc/auth.log
fixed the problem instantly, with failed logins now going to the file
as expected. I don't know if this "fix" will survive log rotation.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1059854/+subscriptions
More information about the foundations-bugs
mailing list