Re: NEVER remove log files without asking
On Sun, 15 Aug 2004 01:30, Matthew Wilcox <email@example.com> wrote:
> On Sun, Aug 15, 2004 at 01:03:26AM +1000, Russell Coker wrote:
> > Policy does not mandate "rm -rf" on the entire directory tree.
> No, but it does imply that apache owns /var/log/apache and is entitled
> to do so.
It created /var/log/apache and is entitled to run "rmdir /var/log/apache", but
if that rmdir fails because of files you don't own being in there then it has
> > Removing /var/log/apache/access.log* /var/log/apache/error.log* and
> > attempting rmdir on /var/log/apache satisfies the requirements of policy.
> I'm not sure it does. Policy states that we should remove logfiles.
> If the user has edited the config file to split some of the logfiles
> (for example, per virtual host is quite common), we should also remove
> those, no?
No. You should remove the default log files only. Other log files are the
> > Removing subdirectories of /var/log/apache and files other than
> > access.log* and error.log* in /var/log/apache is not required or expected
> > and can only give a bad result.
> > If you don't create it then don't remove it!
> But we did create it.
If you insist on removing /var/log/apache then move files you don't own under
that directory to lost+found in the file system in question.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page