[apparmor] [profile] /etc/cron.daily/logrotate: a couple of DENIED messages.
Seth Arnold
seth.arnold at canonical.com
Thu Nov 10 18:55:07 UTC 2016
On Thu, Nov 10, 2016 at 11:21:15AM +0100, daniel curtis wrote:
> $ ls -al /var/log/kern.log
> -rw------- 1 root root 0 lis 9 11:44 /var/log/kern.log
>
> $ ls -al /var/log/kern.log.1
> -rw-r----- 1 syslog adm 1473399 lis 9 12:27 /var/log/kern.log.1 ## this
> file can be opened by me
>
> $ ls -al /var/log/syslog
> -rw------- 1 root root 0 lis 9 11:44 /var/log/syslog
>
These are certainly strange modes. Have you installed any programs or
tools that try to 'correct' security issues or enforce 'hardening'
guidelines?
I just checked a pristine 12.04 LTS system and found the following:
-rw-r----- 1 syslog adm 38513 Nov 10 18:29 /var/log/kern.log
-rw-r----- 1 syslog adm 44099 Nov 10 18:43 /var/log/syslog
So 'chown syslog:adm /var/log/kern.log /var/log/syslog ; chmod 640
/var/log/kern.log /var/log/syslog' should fix your permissions.
>
> What should I do? Use chmod(1) command to set proper owners/permissions? If
> yes - what is the proper command? And the last question: what could be
> responsible for such situation? Could it be /etc/cron.daily/logrotate
> profile? But how...
It's possible that logrotate might have failed, in which case hopefully
your dmesg or log files will include the DENIED lines involved.
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20161110/ad5f60ba/attachment.pgp>
More information about the AppArmor
mailing list