Apologies, but I have to correct/improve myself on the previous comment.
I have a feeling I was running an older version of logcheck.
If I run logcheck from cron with full path (certainly the ubuntu
version) like this:
sudo -u logcheck /usr/sbin/logcheck -op
(given that I add /usr/bin/logcheck to /etc/sudoers with NOPASSWD)
or alernatively:
Add a setuid logcheck to /usr/sbin/logcheck:
sudo chown logcheck /usr/sbin/logcheck
chmod u+s /usr/sbin/logcheck
Then, the offset files get created/updated under:
/var/lib/logcheck/offset.var.log.<filename>
and the 'touch/chown' fix (step 2 above) is not necessary.
It is all hairy, but overall, the setuid checklog, setgid adm looks like the
cleanest solution.
What is required is for all of the 3 conditions to be true:
- /usr/sbin/logcheck can read all its configs under /etc/logcheck/*/*
- /usr/sbin/logtail can write offset files under /var/lib/logcheck/*
- /usr/sbin/logtail can read files under /var/log (some of which are
user:group root:adm and not world readable)
Sorry.
--
logcheck fails when auth.log.1.gz missing
https://bugs.launchpad.net/bugs/149641
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
