Centreon – Logrotate hat Berechtigungsprobleme insecure permissions

Logrotate produziert folgende Meldung: error: skipping  „/var/log/centreon-broker/central-broker.log“ because parent directory has insecure permissions (It’s world writable or writable by group which is not „root“) Set „su“ directive in config file to tell logrotate which user/group should be used for rotation.

Mir ist aufgefallen das bei einem manuellen ausführen von logrotate über „logrotate -f /etc/logrotate.conf“ ein paar Fehler angezeigt werden:

error: skipping "/var/log/centreon-broker/central-broker.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive                                       in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon-broker/central-broker-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" dir                                      ective in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon-broker/central-module-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" dir                                      ective in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon-broker/central-rrd.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in                                       config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon-broker/central-rrd-master.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" direct                                      ive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon-broker/watchdog.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con                                      fig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/centAcl.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file                                       to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/centcore.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config fil                                      e to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/centreon-backup.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con                                      fig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/centreon-partitioning.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive                                       in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/centreon-purge.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in conf                                      ig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/dashboardBuilder.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in co                                      nfig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/downtimeManager.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con                                      fig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/eventReportBuilder.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in                                       config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/knowledgebase.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in confi                                      g file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/login.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file t                                      o tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/nagiosPerfTrace.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in con                                      fig file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/rrdtool.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file                                       to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/centreon/sql-error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config fi                                      le to tell logrotate which user/group should be used for rotation.

Problem: logrotate fehlt die Berechtigung um die Dateien anpacken zu dürfen.

Lösung: Wir geben Logrotate die passenden Berechtigungen. Hierzu muss die Datei „/etc/logrotate.d/cbd“ mit einem „su centreon-broker centreon-broker“ ergänzt werden:

/var/log/centreon-broker/*log {
    su centreon-broker centreon-broker
    compress
    daily
    notifempty
    missingok
    rotate 7
    size 100M
    copytruncate
}

Das gleiche mit der „/etc/logrotate.d/centreon“ Datei:

/var/log/centreon/*.log {
su centreon centreon
compress
daily
notifempty
copytruncate
missingok
rotate 7
size 20M
}

3 Kommentare zu “Centreon – Logrotate hat Berechtigungsprobleme insecure permissions”

  1. Have you tested this? because in ‚/var/log/centreon-broker/‘ files are not only owned by centreon-broker.

    The same with ‚/var/log/centreon/‘. Log files files under here are owned by apache, root and centreon.

    Won’t we need more fine-tuning of the lograte config?

  2. Thanks, now its work. My files are only owned by centreon-broker and centroen:

    [root@cent ~]# ls -lah /var/log/centreon-broker/
    total 13M
    drwxrwxr-x. 2 centreon-broker centreon-broker 4.0K Aug 16 15:07 .
    drwxr-xr-x. 16 root root 4.0K Aug 16 14:57 ..
    -rw-rw-r–. 1 centreon-broker centreon-broker 0 Feb 9 2017 central-broker.log
    -rw-rw-r–. 1 centreon-broker centreon-broker 90K Nov 29 2016 central-broker.log-20170209.gz
    -rw-rw-r–. 1 centreon-broker centreon-broker 2.3K Aug 16 15:07 central-broker-master.log
    -rw-rw-r–. 1 centreon-broker centreon-broker 321 Aug 16 15:07 central-broker-master.log.1.gz
    -rw-rw-r–. 1 centreon-broker centreon-broker 2.3K Feb 8 2017 central-broker-master.log-20170209.gz
    -rw-rw-r–. 1 centreon-broker centreon-broker 1.2M Aug 16 15:06 central-broker-master.log.2.gz
    -rw-rw-r–. 1 centreon-broker centreon-broker 0 Aug 16 15:06 central-module-master.log

    and

    [root@cent ~]# ls -lah /var/log/centreon
    total 908K
    drwxrwxr-x. 2 centreon centreon 4.0K Aug 16 15:06 .
    drwxr-xr-x. 16 root root 4.0K Aug 16 14:57 ..
    -rw-rw-r–. 1 centreon centreon 126 Aug 16 15:07 centAcl.log
    -rw-rw-r–. 1 centreon centreon 61K Aug 16 15:06 centAcl.log.1.gz
    -rw-rw-r–. 1 centreon centreon 6.0K Feb 9 2017 centAcl.log-20170209.gz
    -rw-rw-r–. 1 centreon centreon 0 Aug 16 15:06 centcore.log
    -rw-rw-r–. 1 centreon centreon 1.5K Aug 11 15:56 centcore.log.1.gz
    -rw-rw-r–. 1 centreon centreon 21 Jan 30 2017 centcore.log-20170209.gz
    -rw-rw-r–. 1 centreon centreon 0 Aug 16 15:06 centreon-backup.log
    -rw-rw-r–. 1 centreon centreon 134 Jun 6 03:30 centreon-backup.log.1.gz
    -rw-rw-r–. 1 centreon centreon 155 Feb 9 2017 centreon-backup.log-20170209.gz

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

*