logs and emails

Kevin Fenzi kevin at scrye.com
Wed Aug 10 18:59:10 UTC 2011


On Thu, 4 Aug 2011 11:17:18 -0600
Stephen John Smoogen <smooge at gmail.com> wrote:

...snip...

> >> Passwords creep into the logs every now and then. The usual is that
> >> someone tries to login with their password. Sorry about the write
> >> on group, I thought I fixed that a while ago.
> >
> > Yeah, I'll go look thru logs and see if there's anything there that
> > looks problematic. We might be able to just have the system log ones
> > readable, but leave the httpd ones closed up (those would be the
> > only ones that might have passwords I would think).
> 
> Hmmm I thought the httpd ones were more open :).

So, I did some digging around and I can't offhand find any passwords
in any of the httpd error logs or the like. Of course that doesn't
prevent a bug from happening.

So, what I would propose on this (after the freeze):

* chown -R root:root /var/log/hosts /var/log/merged
* chmod -R 0644 /var/log/hosts /var/log/merged
* change /etc/rsyslog.conf to:
    $DirCreateMode 0755
    $FileCreateMode 0644
    $FileOwner root
    $FileGroup root
* add 'fi-apprentice' to be able to login there. 

If we find anything logging sensitive information, we need to fix it
not to do that, and/or re-evaluate. 

kevin
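
An added example, not part of the original message or of the project's own tooling: a POSIX shell version of the "look through the logs" step, run before a log tree is made readable, together with a permission change that keeps directories traversable. The regular expression, the function names, the directory layout and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; patterns, layout and sample lines are constructed assumptions.

# Two shapes worth a manual look before a log tree is opened up:
#   key=value credentials in request or error lines, and sshd
#   "Invalid user" lines, where a password typed at the login prompt
#   is recorded as the username.
SECRET_RE='(passw(or)?d|pwd)=[^&[:space:]]+|[Ii]nvalid user [^[:space:]]+'

# Print "file:line" for each suspicious line; the matched value is not echoed.
suspicious_lines() {
    grep -rInE "$SECRET_RE" "$1" | cut -d: -f1,2
}

# Directories need the x bit to be traversed: 0755 for them, 0644 for files.
open_log_tree() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# Build a small constructed tree (private modes) to try the functions on.
make_sample_tree() (
    umask 077
    d=$(mktemp -d) && mkdir -p "$d/hosts/app01" || exit 1
    cat > "$d/hosts/app01/httpd_error.log" <<'EOF'
[Wed Aug 10 18:01:02 2011] [error] [client 192.0.2.10] File does not exist: /var/www/html/favicon.ico
[Wed Aug 10 18:02:10 2011] [error] [client 192.0.2.11] bad request: /login?user=alice&password=EXAMPLE-NOT-REAL
EOF
    cat > "$d/hosts/app01/secure" <<'EOF'
Aug 10 18:03:00 app01 sshd[2211]: Invalid user EXAMPLE-NOT-REAL from 192.0.2.12
Aug 10 18:03:05 app01 sshd[2211]: Accepted publickey for alice from 192.0.2.13 port 50022 ssh2
EOF
    echo "$d"
)

# Usage: sh review_logs.sh /var/log/hosts   (lists locations to review)
if [ $# -gt 0 ]; then
    suspicious_lines "$1"
fi
```

The matches are only candidates: a password typed as a username looks like any other unknown account name, so the listed locations still need a human read.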