tags 728306 patch thanks Hi,
I've created a patch to fix this issue: * adds all logfiles referenced in the configfiles to freeradius.logrotate * adds a patch to debian/patches to remove the date from the filenames * adds the above patch to the debian/patches/series file Regards, Tom
diff -Naurp a/debian/freeradius.logrotate b/debian/freeradius.logrotate
--- a/debian/freeradius.logrotate 2012-06-29 14:31:44.000000000 +0200
+++ b/debian/freeradius.logrotate 2013-10-30 14:12:10.278786827 +0100
@@ -1,10 +1,23 @@
-/var/log/freeradius/*.log {
+/var/log/freeradius/*.log
+/var/log/freeradius/sqltrace.sql
+/var/log/freeradius/radwtmp
+/var/log/freeradius/radutmp
+/var/log/freeradius/linelog
+/var/log/freeradius/cuitrace.sql
+/var/log/freeradius/sradutmp
+/var/log/freeradius/radacct/*/detail
+/var/log/freeradius/radacct/*/auth-detail
+/var/log/freeradius/radacct/*/reply-detail
+/var/log/freeradius/radacct/*/pre-proxy-detail
+/var/log/freeradius/radacct/*/post-proxy-detail
+/var/log/freeradius/radacct/*/sql-relay {
 weekly
 rotate 52
 compress
 delaycompress
 notifempty
 missingok
+ sharedscripts
 postrotate
 /etc/init.d/freeradius reload > /dev/null
 endscript
diff -Naurp a/debian/patches/radacct-log.patch b/debian/patches/radacct-log.patch
--- a/debian/patches/radacct-log.patch 1970-01-01 01:00:00.000000000 +0100
+++ b/debian/patches/radacct-log.patch 2013-10-30 14:10:59.722491649 +0100
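Review bot: The added entries `/var/log/freeradius/radutmp` and `/var/log/freeradius/sradutmp` look like the server's live session database rather than append-only logs, so a weekly rename would presumably discard the record of active sessions that radwho and Simultaneous-Use checks rely on; I would drop those two lines and rotate only real logs. The `radacct/*/…` globs also descend into per-client directories that are likely created by the unprivileged daemon while logrotate runs as root, so the stanza should name the account that performs the rotation, e.g. `su <daemon-user> <daemon-group>`. Since the shipped detail config insists these files stay 0600, it is worth confirming that rotated and compressed copies keep that mode. The stanza's closing brace lies outside the hunk.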
@@ -0,0 +1,127 @@
+Author: Tom Jampen <t...@cryptography.ch>
+Description:
+ This patch modifies the default freeradius configuration and thus allows
+ logrotate to rotate all logfile. It specifically removes dates and times from
+ logfile names.
+
+diff -Naurp a/raddb/modules/detail b/raddb/modules/detail
+--- a/raddb/modules/detail 2013-10-30 11:55:01.600274413 +0100
++++ b/raddb/modules/detail 2013-10-30 12:07:34.703092048 +0100
+@@ -31,7 +31,7 @@ detail {
+ # be ONE "listen" section reading detail files from a
+ # particular directory.
+ #
+- detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
++ detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail
+ 
+ #
+ # The Unix-style permissions on the 'detail' file.
+diff -Naurp a/raddb/modules/detail.example.com b/raddb/modules/detail.example.com
+--- a/raddb/modules/detail.example.com 2013-10-30 11:55:13.888321395 +0100
++++ b/raddb/modules/detail.example.com 2013-10-30 12:07:49.983147068 +0100
+@@ -23,5 +23,5 @@
+ # $Id$
+ #
+ detail detail.example.com {
+- detailfile = ${radacctdir}/detail.example.com/detail-%Y%m%d:%H
++ detailfile = ${radacctdir}/detail.example.com/detail
+ }
+diff -Naurp a/raddb/modules/detail.log b/raddb/modules/detail.log
+--- a/raddb/modules/detail.log 2013-10-30 11:55:22.336353696 +0100
++++ b/raddb/modules/detail.log 2013-10-30 12:08:13.871233112 +0100
+@@ -15,7 +15,7 @@
+ # in the 'authorize' section, below.
+ #
+ detail auth_log {
+- detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
++ detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail
+ 
+ #
+ # This MUST be 0600, otherwise anyone can read
+@@ -37,7 +37,7 @@ detail auth_log {
+ # in the 'post-auth' section, below.
+ #
+ detail reply_log {
+- detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
++ detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail
+ 
+ detailperm = 0600
+ }
+@@ -49,7 +49,7 @@ detail reply_log {
+ # in the 'pre-proxy' section, below.
+ #
+ detail pre_proxy_log {
+- detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
++ detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail
+ 
+ #
+ # This MUST be 0600, otherwise anyone can read
+@@ -69,7 +69,7 @@ detail pre_proxy_log {
+ # in the 'post-proxy' section, below.
+ #
+ detail post_proxy_log {
+- detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
++ detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail
+ 
+ detailperm = 0600
+ }
+diff -Naurp a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
+--- a/raddb/radiusd.conf.in 2013-10-30 10:54:52.718397699 +0100
++++ b/raddb/radiusd.conf.in 2013-10-30 11:59:13.421238451 +0100
+@@ -420,7 +420,7 @@ log {
+ # The attribute that the value is assigned to is unimportant,
+ # and should be a "throw-away" attribute with no side effects.
+ #
+- #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
++ #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}.log
+ 
+ #
+ # Which syslog facility to use, if ${destination} == "syslog"
+diff -Naurp a/raddb/sites-available/buffered-sql b/raddb/sites-available/buffered-sql
+--- a/raddb/sites-available/buffered-sql 2013-10-30 11:57:57.184946318 +0100
++++ b/raddb/sites-available/buffered-sql 2013-10-30 12:10:09.531650214 +0100
+@@ -43,7 +43,7 @@ server buffered-sql {
+ # The location where the detail file is located.
+ # This should be on local disk, and NOT on an NFS
+ # mounted location!
+- filename = "${radacctdir}/detail-*"
++ filename = "${radacctdir}/detail.example.com/detail"
+ 
+ #
+ # The server can read accounting packets from the
+diff -Naurp a/raddb/sites-available/copy-acct-to-home-server b/raddb/sites-available/copy-acct-to-home-server
+--- a/raddb/sites-available/copy-acct-to-home-server 2013-10-30 11:57:45.540901720 +0100
++++ b/raddb/sites-available/copy-acct-to-home-server 2013-10-30 12:10:32.411732822 +0100
+@@ -63,7 +63,7 @@ server copy-acct-to-home-server {
+ # one large file. File globbing also means that with
+ # a common naming scheme for detail files, then you can
+ # have many detail file writers, and only one reader.
+- filename = ${radacctdir}/detail
++ filename = ${radacctdir}/detail.example.com/detail
+ 
+ #
+ # The server can read accounting packets from the
+diff -Naurp a/raddb/sites-available/decoupled-accounting b/raddb/sites-available/decoupled-accounting
+--- a/raddb/sites-available/decoupled-accounting 2013-10-30 11:57:30.496844108 +0100
++++ b/raddb/sites-available/decoupled-accounting 2013-10-30 12:09:08.399429653 +0100
+@@ -40,7 +40,7 @@ server read-detail.example.com {
+ # the home server.
+ listen {
+ type = detail
+- filename = "${radacctdir}/detail.example.com/detail-*:*"
++ filename = "${radacctdir}/detail.example.com/detail"
+ load_factor = 10
+ }
+ 
+diff -Naurp a/raddb/sites-available/robust-proxy-accounting b/raddb/sites-available/robust-proxy-accounting
+--- a/raddb/sites-available/robust-proxy-accounting 2013-10-30 11:58:01.968964644 +0100
++++ b/raddb/sites-available/robust-proxy-accounting 2013-10-30 12:09:26.559495150 +0100
+@@ -140,7 +140,7 @@ server home.example.com {
+ # may be read by one, the other, or both "listen" sections.
+ listen {
+ type = detail
+- filename = "${radacctdir}/detail.example.com/detail-*:*"
++ filename = "${radacctdir}/detail.example.com/detail"
+ load_factor = 10
+ }
+ 
diff -Naurp a/debian/patches/series b/debian/patches/series
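Review bot: The `listen { type = detail }` readers now consume `${radacctdir}/detail.example.com/detail`, which is the same path the new logrotate glob `/var/log/freeradius/radacct/*/detail` rotates, so a weekly rotation would appear able to move queued accounting records away before the reader has processed them. That queue file should be kept out of the rotation set, or the interaction should be explained in the patch's Description field. The buffered-sql and copy-acct-to-home-server changes also go beyond removing a date suffix: the originals were `filename = "${radacctdir}/detail-*"` and `filename = ${radacctdir}/detail`, and both now point into the `detail.example.com` directory, which changes which writer they pair with. Keeping the directory unchanged there (`filename = "${radacctdir}/detail"` for buffered-sql, no edit at all for copy-acct-to-home-server) would match the stated purpose. With undated names, the `auth-detail` files marked "MUST be 0600" also accumulate a full week of requests in one file and are retained for 52 rotations, which is worth a line in the Description.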
--- a/debian/patches/series 2012-12-16 21:52:41.000000000 +0100
+++ b/debian/patches/series 2013-10-30 14:11:34.166635789 +0100
@@ -9,3 +9,4 @@ cf_section_parse_init.diff
 radmin.getenv.conffile.diff
 CVE-2012-3547.diff
 CVE-2011-4966.diff
+radacct-log.patch