[Bug 1314691] [NEW] btmp should be rotated more frequently

Simon Déziel 1314691 at bugs.launchpad.net
Wed Apr 30 15:50:09 UTC 2014 

Public bug reported:

The rotation of btmp seems to be too infrequent considering that it's
easy to grow this file from an external machine.

In my testing, I generated (bad) SSH connections at a rate of 10
attempts/sec and was able to grow the btmp file of ~350MB/day. At this
rate, btmp would reach the 10GB in a month period (default rotation
period). A higher connection attempt rate is probably possible on
publicly exposed SSH servers.

Here's a proposed logrotate configuration for btmp that would improve
the situation:

/var/log/btmp {
    missingok
    notifempty
    weekly
    create 0660 root utmp
    rotate 8
    compress
    delaycompress
    maxsize 10M
}

The delaycompress makes it easy to use "lastb -f /var/log/btmp.1" while
still benefiting from the compression (btmp compresses well).

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: logrotate 3.8.7-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 30 11:20:14 2014
InstallationDate: Installed on 2014-01-26 (93 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: logrotate
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: logrotate (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to logrotate in Ubuntu.
https://bugs.launchpad.net/bugs/1314691

Title:
  btmp should be rotated more frequently

Status in “logrotate” package in Ubuntu:
  New

Bug description:
  The rotation of btmp seems to be too infrequent considering that it's
  easy to grow this file from an external machine.

  In my testing, I generated (bad) SSH connections at a rate of 10
  attempts/sec and was able to grow the btmp file of ~350MB/day. At this
  rate, btmp would reach the 10GB in a month period (default rotation
  period). A higher connection attempt rate is probably possible on
  publicly exposed SSH servers.

  Here's a proposed logrotate configuration for btmp that would improve
  the situation:

  /var/log/btmp {
      missingok
      notifempty
      weekly
      create 0660 root utmp
      rotate 8
      compress
      delaycompress
      maxsize 10M
  }

  The delaycompress makes it easy to use "lastb -f /var/log/btmp.1"
  while still benefiting from the compression (btmp compresses well).

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: logrotate 3.8.7-1ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Apr 30 11:20:14 2014
  InstallationDate: Installed on 2014-01-26 (93 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
  SourcePackage: logrotate
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logrotate/+bug/1314691/+subscriptions

More information about the foundations-bugs mailing list