[Logcheck-devel] Bug#598550: marked as done (Perms on /etc/logcheck/*)

[Debian Bug Tracking System]

Your message dated Thu, 30 Sep 2010 09:45:35 +0200
with message-id <20100930074535.gh31...@fishbowl.rw.madduck.net>
and subject line Re: Bug#598550: Perms on /etc/logcheck/*
has caused the Debian Bug report #598550,
regarding Perms on /etc/logcheck/*
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
598550: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598550
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: logcheck
Version: 1.2.69
Severity: wishlist

Hi.  Thanks for your efforts.

   --------------------------------
drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.d/
drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.ignore.d/
-rw-r--r-- 1 root logcheck  188 2008-12-09 02:37 header.txt
drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.paranoid/
drwxr-s--- 2 root logcheck 3072 2010-06-23 12:21 ignore.d.server/
drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.workstation/
-rw-r----- 1 root logcheck 2580 2010-07-01 22:08 logcheck.conf
-rw-r----- 1 root root     2581 2009-11-22 08:02 logcheck.conf~
-rw-r----- 1 root logcheck  131 2009-02-11 04:57 logcheck.logfiles
drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 violations.d/
drwxr-s--- 2 root logcheck 2048 2009-11-17 11:32 violations.ignore.d/
   --------------------------------

I'm primary user on this box:

   --------------------------------
(0) infidel /home/keeling_ id
uid=1000(keeling) gid=1000(keeling)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),50(staff),108(netdev),1000(keeling)
   --------------------------------

As member of adm, I can read /etc/log/messages, et al.  However, I'm not
allowed to view /etc/logcheck/logcheck.conf, yet I'm the one logcheck is
sending reports to.  Uh, ...  Should I add keeling to group logcheck?
What's the downside?

Again, thanks.


-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser            3.110                 add and remove users and groups
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  cron               3.0pl1-105            management of regular background p
ii  lockfile-progs     0.1.11-0.1            Programs for locking and unlocking
ii  logtail            1.2.69                Print log file lines that have not
ii  mailx              1:20071201-3          Transitional package for mailx ren
ii  postfix [mail-tran 2.5.5-1.1             High-performance mail transport ag
ii  rsyslog [system-lo 3.18.6-4              enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.69     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- no debconf information

--- End Message ---

--- Begin Message ---

also sprach s. keeling <keel...@nucleus.com> [2010.09.30.0253 +0200]:
> As member of adm, I can read /etc/log/messages, et al.  However,
> I'm not allowed to view /etc/logcheck/logcheck.conf, yet I'm the
> one logcheck is sending reports to.  Uh, ...  Should I add keeling
> to group logcheck?

Yes, if you trust the user (yourself).

> What's the downside?

None, if you trust the user. If you don't trust the user, s/he could
probably manipulate the files in /var/lib/logcheck and hide log
messages that way.

But logcheck is not supposed to be used as a security tool anyway,
as it's way too unreliable for that.

-- 
 .''`.   martin f. krafft <madd...@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

--- End Message ---

_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel