From nobody@FreeBSD.org  Fri Jan  8 10:31:04 2010
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 50B9E106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  8 Jan 2010 10:31:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 407CA8FC0A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  8 Jan 2010 10:31:04 +0000 (UTC)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o08AV4lJ084629
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 8 Jan 2010 10:31:04 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id o08AV3xS084628;
	Fri, 8 Jan 2010 10:31:03 GMT
	(envelope-from nobody)
Message-Id: <201001081031.o08AV3xS084628@www.freebsd.org>
Date: Fri, 8 Jan 2010 10:31:03 GMT
From: Mister Olli <mister.olli@googlemail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /var/log/auth.log may not be rotated for yours
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         142467
>Category:       conf
>Synopsis:       /var/log/auth.log may not be rotated for years
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 08 10:40:02 UTC 2010
>Closed-Date:    Wed Apr 25 07:09:40 UTC 2012
>Last-Modified:  Wed Apr 25 07:10:13 UTC 2012
>Originator:     Mister Olli
>Release:        8.0, 6.2, 7.0
>Organization:
>Environment:
FreeBSD SYSTEM 6.2-RELEASE-p9 FreeBSD 6.2-RELEASE-p9 #6: Fri Feb 22 16:11:56 CET 2008     SYSTEM:/usr/obj/usr/src/sys/CUSTOM  i386

>Description:
On system with rare logins /var/log/auth.log may not get rotated, as
'/etc/newsyslog.conf' is configured to rotate if filesize > 100kb.

As login attempts via SSH are saved without year information
'/etc/periodic/security/800.loginfail' will report fail logins from
past years. This heavily confuses users.
>How-To-Repeat:
- Make a default installation
- Do some failed logins
- Wait 1 year ;-)
>Fix:
'/var/log/auth.log' should be rotated at least once a year.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->patched 
State-Changed-By: glebius 
State-Changed-When: Mon Mar 19 10:33:00 UTC 2012 
State-Changed-Why:  
Fixed in http://svnweb.freebsd.org/base?view=revision&revision=233167 


Responsible-Changed-From-To: freebsd-bugs->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Mon Mar 19 10:33:00 UTC 2012 
Responsible-Changed-Why:  
Fixed in http://svnweb.freebsd.org/base?view=revision&revision=233167 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142467 
State-Changed-From-To: patched->closed 
State-Changed-By: glebius 
State-Changed-When: Wed Apr 25 07:09:17 UTC 2012 
State-Changed-Why:  
Fixed in stable/9, would be available in 9.1-RELEASE. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=142467 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: conf/142467: commit references a PR
Date: Wed, 25 Apr 2012 07:09:12 +0000 (UTC)

 Author: glebius
 Date: Wed Apr 25 07:09:02 2012
 New Revision: 234675
 URL: http://svn.freebsd.org/changeset/base/234675
 
 Log:
   Merge r233167 from head:
     Rotate auth.log and messages at the beginning of a year. Otherwise,
     daily security checks 800.loginfail and 900.tcpwrap may produce
     false positive alerts.
   
   PR:		142467, 165331
 
 Modified:
   stable/9/etc/newsyslog.conf
 Directory Properties:
   stable/9/etc/   (props changed)
 
 Modified: stable/9/etc/newsyslog.conf
 ==============================================================================
 --- stable/9/etc/newsyslog.conf	Wed Apr 25 07:04:48 2012	(r234674)
 +++ stable/9/etc/newsyslog.conf	Wed Apr 25 07:09:02 2012	(r234675)
 @@ -19,7 +19,7 @@
  # logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
  /var/log/all.log			600  7	   *	@T00  J
  /var/log/amd.log			644  7	   100	*     J
 -/var/log/auth.log			600  7     100  *     JC
 +/var/log/auth.log			600  7     100  @0101T JC
  /var/log/console.log			600  5	   100	*     J
  /var/log/cron				600  3	   100	*     JC
  /var/log/daily.log			640  7	   *	@T00  JN
 @@ -27,7 +27,7 @@
  /var/log/kerberos.log			600  7	   100	*     J
  /var/log/lpd-errs			644  7	   100	*     JC
  /var/log/maillog			640  7	   *	@T00  JC
 -/var/log/messages			644  5	   100	*     JC
 +/var/log/messages			644  5	   100	@0101T JC
  /var/log/monthly.log			640  12	   *	$M1D0 JN
  /var/log/pflog				600  3	   100	*     JB    /var/run/pflogd.pid
  /var/log/ppp.log	root:network	640  3	   100	*     JC
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
