On Thu, 4 Aug 2011 11:17:18 -0600
Stephen John Smoogen <smooge(a)gmail.com> wrote:
...snip...
>> Passwords creep into the logs every now and then. The usual
is that
>> someone tries to login with their password. Sorry about the write
>> on group, I thought i fixed that a while ago.
>
> Yeah, I'll go look thru logs and see if there's anything there that
> looks problematic. We might be able to just have the system log ones
> readable, but leave the httpd ones closed up (those would be the
> only ones that might have passwords I would think).
Hmmm I thought the httpd ones were more open :).
So, I did some digging around and I can't off hand find any passwords
in any of the httpd error logs or the like. Of course that doesn't
prevent a bug from happening.
So, what I would propose on this
(after the freeze):
* chown -R root:root /var/log/hosts /var/log/merged
* chmod -R 0644 /var/log/hosts /var/log/merged
* change /etc/rsyslog.conf to:
$DirCreateMode 0755
$FileCreateMode 0644
$FileOwner root
$FileGroup root
* add 'fi-apprentice' to be able to login there.
If we find anything logging sensitive information, we need to fix it
not to do that, and/or re-evaluate.
kevin