Project

General

Profile

Actions
Copy link

Bug #2379

closed

/etc/logrotate.d/rudder has some errors and empties or removes /etc/init.d/apache2 on SLES server

Added by Nicolas PERRON over 12 years ago. Updated over 9 years ago.

Status:
Released
Priority:
1 (highest)
Assignee:
Nicolas PERRON
Category:
Packaging
Target version:
2.3.7
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Using auditd to monitor /etc/init.d/apache2:

# auditctl -w /etc/init.d/apache2 -p war -k apache-initd
# auditctl -e 1

After trying to use rudder logrotate

# logrotate -f /etc/logrotate.d/rudder 
error: /etc/logrotate.d/rudder:8 unknown group 'adm'
error: found error in /var/log/rudder/apache2/*.log , skipping
error: /etc/logrotate.d/rudder:11 lines must begin with a keyword or a filename (possibly in double quotes)
error: /etc/logrotate.d/rudder:12 unknown option 'if' -- ignoring line
error: /etc/logrotate.d/rudder:12 unexpected text
error: /etc/logrotate.d/rudder:13 unknown option 'invoke' -- ignoring line
error: /etc/logrotate.d/rudder:13 unexpected text
error: /etc/logrotate.d/rudder:14 unknown option 'else' -- ignoring line
error: /etc/logrotate.d/rudder:15 duplicate log entry for fi
error: found error in /etc/init.d/apache2 reload > /dev/null
                fi
            fi
        endscript
}

What we notice is that logrotate modified /etc/init.d/apache2

# ausearch -f /etc/init.d/apache2 > /tmp/apacheEmptied.log

# ls -lh /etc/init.d/apache*
-rwxr--r-- 1 root root 11K mars  7 18:04 /etc/init.d/apache2-20120311
-rwxr--r-- 1 root root 11K mai  5  2010 /etc/init.d/apache2-20120318

# tail /tmp/apacheEmptied.log 
type=CWD msg=audit(1332151344.068:25157):  cwd="/root" 
type=SYSCALL msg=audit(1332151344.068:25157): arch=c000003e syscall=2 success=yes exit=3 a0=7e0000 a1=0 a2=0 a3=1 items=1 ppid=14733 pid=15889 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3695 comm="vim" exe="/bin/vim-normal" key="apache-initd" 
----
time->Mon Mar 19 11:02:55 2012
type=PATH msg=audit(1332151375.520:25159): item=3 name="/etc/init.d/apache2.1" inode=708635 dev=08:02 mode=0100744 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=2 name="/etc/init.d/apache2" inode=708635 dev=08:02 mode=0100744 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=1 name="/etc/init.d/" inode=114037 dev=08:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1332151375.520:25159): item=0 name="/etc/init.d/" inode=114037 dev=08:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1332151375.520:25159):  cwd="/root" 
type=SYSCALL msg=audit(1332151375.520:25159): arch=c000003e syscall=82 success=no exit=-131940659355688 a0=614770 a1=61f330 a2=0 a3=0 items=4 ppid=14733 pid=15893 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=3695 comm="logrotate" exe="/usr/sbin/logrotate" key="apache-initd"
Actions
Copy link
 #1

Updated by Nicolas PERRON over 12 years ago

Using logrotate in debug mode (like a dry-run):

# logrotate -df /etc/logrotate.d/rudder
reading config file /etc/logrotate.d/rudder
reading config info for /var/log/rudder/apache2/*.log 
error: /etc/logrotate.d/rudder:8 unknown group 'adm'
error: found error in /var/log/rudder/apache2/*.log , skipping
removing last 1 log configs
error: /etc/logrotate.d/rudder:11 lines must begin with a keyword or a filename (possibly in double quotes)
error: /etc/logrotate.d/rudder:12 unknown option 'if' -- ignoring line
error: /etc/logrotate.d/rudder:12 unexpected text
error: /etc/logrotate.d/rudder:13 unknown option 'invoke' -- ignoring line
error: /etc/logrotate.d/rudder:13 unexpected text
error: /etc/logrotate.d/rudder:14 unknown option 'else' -- ignoring line
error: /etc/logrotate.d/rudder:15 duplicate log entry for fi
error: found error in /etc/init.d/apache2 reload > /dev/null
                fi
            fi
        endscript
}

/var/log/rudder/ldap/slapd.log , skipping
removing last 1 log configs
reading config info for /var/log/rudder/reports/*.log 
error: /etc/logrotate.d/rudder:32 unknown group 'adm'
error: found error in /var/log/rudder/reports/*.log , skipping
removing last 1 log configs

Handling 3 logs

rotating pattern: /var/log/rudder/apache2/*.log  forced from command line (30 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/rudder/apache2/access.log
  log does not need rotating
considering log /var/log/rudder/apache2/error.log
  log does not need rotating

rotating pattern: /etc/init.d/apache2 reload > /dev/null
                fi
            fi
        endscript
}

/var/log/rudder/ldap/slapd.log  forced from command line (no old logs will be kept)
empty log files are rotated, old logs are removed
considering log /etc/init.d/apache2
  log needs rotating
considering log reload
error: stat of reload failed: Aucun fichier ou dossier de ce type
considering log >
error: stat of > failed: Aucun fichier ou dossier de ce type
considering log /dev/null
  log needs rotating
considering log fi
error: stat of fi failed: Aucun fichier ou dossier de ce type
rotating log /etc/init.d/apache2, log->rotateCount is 0
dateext suffix '-20120319'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /etc/init.d/apache2.1 to /etc/init.d/apache2.2 (rotatecount 1, logstart 1, i 1), 
renaming /etc/init.d/apache2.0 to /etc/init.d/apache2.1 (rotatecount 1, logstart 1, i 0), 
renaming /etc/init.d/apache2 to /etc/init.d/apache2.1
disposeName will be /etc/init.d/apache2.1
removing old log /etc/init.d/apache2.1
rotating log /dev/null, log->rotateCount is 0
dateext suffix '-20120319'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /dev/null.1 to /dev/null.2 (rotatecount 1, logstart 1, i 1), 
renaming /dev/null.0 to /dev/null.1 (rotatecount 1, logstart 1, i 0), 
renaming /dev/null to /dev/null.1
disposeName will be /dev/null.1
removing old log /dev/null.1

rotating pattern: /var/log/rudder/reports/*.log  forced from command line (30 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/rudder/reports/extWinReport.log
  log does not need rotating
considering log /var/log/rudder/reports/winlog.log
  log does not need rotating
Actions
Copy link
 #2

Updated by Nicolas PERRON over 12 years ago

  • Status changed from New to In progress
Actions
Copy link
 #3

Updated by Nicolas PERRON over 12 years ago

  • Status changed from In progress to Pending technical review
  • % Done changed from 0 to 100
Actions
Copy link
 #4

Updated by Jonathan CLARKE over 12 years ago

  • Status changed from Pending technical review to Released

Looks good to me!

Actions
Copy link
 #5

Updated by Nicolas PERRON almost 12 years ago

  • Project changed from Rudder to 34
  • Category deleted (11)
Actions
Copy link
 #6

Updated by Benoît PECCATTE over 9 years ago

  • Project changed from 34 to Rudder
  • Category set to Packaging
Actions
Copy link

Also available in: Atom PDF