[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NEVER remove log files without asking

On Sun, 15 Aug 2004 01:30, Matthew Wilcox <willy@debian.org> wrote:
> On Sun, Aug 15, 2004 at 01:03:26AM +1000, Russell Coker wrote:
> > Policy does not mandate "rm -rf" on the entire directory tree.
> No, but it does imply that apache owns /var/log/apache and is entitled
> to do so.

It created /var/log/apache and is entitled to run "rmdir /var/log/apache", but 
if that rmdir fails because of files you don't own being in there then it has 
to stay.

> > Removing /var/log/apache/access.log* /var/log/apache/error.log* and
> > attempting rmdir on /var/log/apache satisfies the requirements of policy.
> I'm not sure it does.  Policy states that we should remove logfiles.
> If the user has edited the config file to split some of the logfiles
> (for example, per virtual host is quite common), we should also remove
> those, no?

No.  You should remove the default log files only.  Other log files are the 
administrator's business.

> > Removing subdirectories of /var/log/apache and files other than
> > access.log* and error.log* in /var/log/apache is not required or expected
> > and can only give a bad result.
> >
> > If you don't create it then don't remove it!
> But we did create it.

If you insist on removing /var/log/apache then move files you don't own under 
that directory to lost+found in the file system in question.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: