Public bug reported:
The rotation of btmp seems to be too infrequent considering that it's
easy to grow this file from an external machine.
In my testing, I generated (bad) SSH connections at a rate of 10
attempts/sec and was able to grow the btmp file of ~350MB/day. At this
rate, btmp would reach the 10GB in a month period (default rotation
period). A higher connection attempt rate is probably possible on
publicly exposed SSH servers.
Here's a proposed logrotate configuration for btmp that would improve
the situation:
/var/log/btmp {
missingok
notifempty
weekly
create 0660 root utmp
rotate 8
compress
delaycompress
maxsize 10M
}
The delaycompress makes it easy to use "lastb -f /var/log/btmp.1" while
still benefiting from the compression (btmp compresses well).
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: logrotate 3.8.7-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 30 11:20:14 2014
InstallationDate: Installed on 2014-01-26 (93 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: logrotate
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: logrotate (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1314691
Title:
btmp should be rotated more frequently
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logrotate/+bug/1314691/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
