tags 728306 patch
thanks

Hi,

I've created a patch to fix this issue:
* adds all logfiles referenced in the configfiles to freeradius.logrotate
* adds a patch to debian/patches to remove the date from the filenames
* adds the above patch to the debian/patches/series file

Regards,
Tom
diff -Naurp a/debian/freeradius.logrotate b/debian/freeradius.logrotate
--- a/debian/freeradius.logrotate	2012-06-29 14:31:44.000000000 +0200
+++ b/debian/freeradius.logrotate	2013-10-30 14:12:10.278786827 +0100
@@ -1,10 +1,23 @@
-/var/log/freeradius/*.log {
+/var/log/freeradius/*.log
+/var/log/freeradius/sqltrace.sql
+/var/log/freeradius/radwtmp
+/var/log/freeradius/radutmp
+/var/log/freeradius/linelog
+/var/log/freeradius/cuitrace.sql
+/var/log/freeradius/sradutmp
+/var/log/freeradius/radacct/*/detail
+/var/log/freeradius/radacct/*/auth-detail
+/var/log/freeradius/radacct/*/reply-detail
+/var/log/freeradius/radacct/*/pre-proxy-detail
+/var/log/freeradius/radacct/*/post-proxy-detail
+/var/log/freeradius/radacct/*/sql-relay {
         weekly
         rotate 52
         compress
         delaycompress
         notifempty
         missingok
+        sharedscripts
         postrotate
                 /etc/init.d/freeradius reload > /dev/null
         endscript
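Review bot: The new path list puts `radutmp` and `sradutmp` under weekly rotation, but as far as I know these are the live session databases read by radwho and the Simultaneous-Use check, not append-only logs. Moving them aside each week would discard the record of active sessions and could leave concurrent-login limits unenforced until users re-authenticate. I would drop those two lines and keep `radwtmp`. Separately, the `radacct/*/...` globs make root-run logrotate work inside directories the daemon account can write, so a `su <daemon-user> <daemon-group>` directive in this stanza is worth adding, with a comment that the detail files are required to be 0600 by the config comments and rotated copies must stay that way. The stanza's closing brace lies outside the hunk.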
diff -Naurp a/debian/patches/radacct-log.patch b/debian/patches/radacct-log.patch
--- a/debian/patches/radacct-log.patch	1970-01-01 01:00:00.000000000 +0100
+++ b/debian/patches/radacct-log.patch	2013-10-30 14:10:59.722491649 +0100
@@ -0,0 +1,127 @@
+Author: Tom Jampen <t...@cryptography.ch>
+Description:
+ This patch modifies the default freeradius configuration and thus allows
+ logrotate to rotate all logfile. It specifically removes dates and times from
+ logfile names.
+
+diff -Naurp a/raddb/modules/detail b/raddb/modules/detail
+--- a/raddb/modules/detail	2013-10-30 11:55:01.600274413 +0100
++++ b/raddb/modules/detail	2013-10-30 12:07:34.703092048 +0100
+@@ -31,7 +31,7 @@ detail {
+ 	#  be ONE "listen" section reading detail files from a
+ 	#  particular directory.
+ 	#
+-	detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
++	detailfile = ${radacctdir}/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail
+ 
+ 	#
+ 	#  The Unix-style permissions on the 'detail' file.
+diff -Naurp a/raddb/modules/detail.example.com b/raddb/modules/detail.example.com
+--- a/raddb/modules/detail.example.com	2013-10-30 11:55:13.888321395 +0100
++++ b/raddb/modules/detail.example.com	2013-10-30 12:07:49.983147068 +0100
+@@ -23,5 +23,5 @@
+ #  $Id$
+ #
+ detail detail.example.com {
+-	detailfile = ${radacctdir}/detail.example.com/detail-%Y%m%d:%H
++	detailfile = ${radacctdir}/detail.example.com/detail
+ }
+diff -Naurp a/raddb/modules/detail.log b/raddb/modules/detail.log
+--- a/raddb/modules/detail.log	2013-10-30 11:55:22.336353696 +0100
++++ b/raddb/modules/detail.log	2013-10-30 12:08:13.871233112 +0100
+@@ -15,7 +15,7 @@
+ #  in the 'authorize' section, below.
+ #
+ detail auth_log {
+-	detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
++	detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail
+ 
+ 	#
+ 	#  This MUST be 0600, otherwise anyone can read
+@@ -37,7 +37,7 @@ detail auth_log {
+ #  in the 'post-auth' section, below.
+ #
+ detail reply_log {
+-	detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d
++	detailfile = ${radacctdir}/%{Client-IP-Address}/reply-detail
+ 
+ 	detailperm = 0600
+ }
+@@ -49,7 +49,7 @@ detail reply_log {
+ #  in the 'pre-proxy' section, below.
+ #
+ detail pre_proxy_log {
+-	detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
++	detailfile = ${radacctdir}/%{Client-IP-Address}/pre-proxy-detail
+ 
+ 	#
+ 	#  This MUST be 0600, otherwise anyone can read
+@@ -69,7 +69,7 @@ detail pre_proxy_log {
+ #  in the 'post-proxy' section, below.
+ #
+ detail post_proxy_log {
+-	detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
++	detailfile = ${radacctdir}/%{Client-IP-Address}/post-proxy-detail
+ 
+ 	detailperm = 0600
+ }
+diff -Naurp a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
+--- a/raddb/radiusd.conf.in	2013-10-30 10:54:52.718397699 +0100
++++ b/raddb/radiusd.conf.in	2013-10-30 11:59:13.421238451 +0100
+@@ -420,7 +420,7 @@ log {
+ 	#  The attribute that the value is assigned to is unimportant,
+ 	#  and should be a "throw-away" attribute with no side effects.
+ 	#
+-	#requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
++	#requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}.log
+ 
+ 	#
+ 	#  Which syslog facility to use, if ${destination} == "syslog"
+diff -Naurp a/raddb/sites-available/buffered-sql b/raddb/sites-available/buffered-sql
+--- a/raddb/sites-available/buffered-sql	2013-10-30 11:57:57.184946318 +0100
++++ b/raddb/sites-available/buffered-sql	2013-10-30 12:10:09.531650214 +0100
+@@ -43,7 +43,7 @@ server buffered-sql {
+ 		#  The location where the detail file is located.
+ 		#  This should be on local disk, and NOT on an NFS
+ 		#  mounted location!
+-		filename = "${radacctdir}/detail-*"
++		filename = "${radacctdir}/detail.example.com/detail"
+ 
+ 		#
+ 		#  The server can read accounting packets from the
+diff -Naurp a/raddb/sites-available/copy-acct-to-home-server b/raddb/sites-available/copy-acct-to-home-server
+--- a/raddb/sites-available/copy-acct-to-home-server	2013-10-30 11:57:45.540901720 +0100
++++ b/raddb/sites-available/copy-acct-to-home-server	2013-10-30 12:10:32.411732822 +0100
+@@ -63,7 +63,7 @@ server copy-acct-to-home-server {
+ 		#  one large file.  File globbing also means that with
+ 		#  a common naming scheme for detail files, then you can
+ 		#  have many detail file writers, and only one reader.
+-		filename = ${radacctdir}/detail
++		filename = ${radacctdir}/detail.example.com/detail
+ 
+ 		#
+ 		#  The server can read accounting packets from the
+diff -Naurp a/raddb/sites-available/decoupled-accounting b/raddb/sites-available/decoupled-accounting
+--- a/raddb/sites-available/decoupled-accounting	2013-10-30 11:57:30.496844108 +0100
++++ b/raddb/sites-available/decoupled-accounting	2013-10-30 12:09:08.399429653 +0100
+@@ -40,7 +40,7 @@ server read-detail.example.com {
+ 	#  the home server.
+ 	listen {
+ 		type = detail
+-		filename = "${radacctdir}/detail.example.com/detail-*:*"
++		filename = "${radacctdir}/detail.example.com/detail"
+ 		load_factor = 10
+ 	}
+ 
+diff -Naurp a/raddb/sites-available/robust-proxy-accounting b/raddb/sites-available/robust-proxy-accounting
+--- a/raddb/sites-available/robust-proxy-accounting	2013-10-30 11:58:01.968964644 +0100
++++ b/raddb/sites-available/robust-proxy-accounting	2013-10-30 12:09:26.559495150 +0100
+@@ -140,7 +140,7 @@ server home.example.com {
+ 	#  may be read by one, the other, or both "listen" sections.
+ 	listen {
+ 		type = detail
+-		filename = "${radacctdir}/detail.example.com/detail-*:*"
++		filename = "${radacctdir}/detail.example.com/detail"
+ 		load_factor = 10
+ 	}
+ 
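Review bot: With the date suffix removed, the `listen { type = detail }` readers in decoupled-accounting and robust-proxy-accounting consume the same fixed file `${radacctdir}/detail.example.com/detail` that the logrotate glob `radacct/*/detail` rotates. A weekly rotation can therefore move away accounting records that have not yet been relayed; as far as I recall, the detail reader also renames and deletes that file itself. Files consumed by a detail listener should probably be excluded from the logrotate list, or keep a name the glob does not match. Two edits are also not date removals: buffered-sql moves from `"${radacctdir}/detail-*"` and copy-acct-to-home-server from `${radacctdir}/detail` to the `detail.example.com` path, which changes which writer's output those servers read and deserves a line in the Description. The Description's "rotate all logfile" should read "rotate all logfiles".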
diff -Naurp a/debian/patches/series b/debian/patches/series
--- a/debian/patches/series	2012-12-16 21:52:41.000000000 +0100
+++ b/debian/patches/series	2013-10-30 14:11:34.166635789 +0100
@@ -9,3 +9,4 @@ cf_section_parse_init.diff
 radmin.getenv.conffile.diff
 CVE-2012-3547.diff
 CVE-2011-4966.diff
+radacct-log.patch
