World readable log files

To: debian-user@lists.debian.org
Subject: World readable log files
From: Olaf Meeuwissen <olaf@epkowa.co.jp>
Date: 25 Sep 2000 11:32:52 +0900
Message-id: <[🔎] 871yy9ciaz.fsf@epkowa.co.jp>

Hi all,

I just checked the permissions on files in /var/log.  Too my surprise,
I saw quite a few log files that are world readable.  Now this may not
be a big problem, but I thought that at least some of these should not
be out of security concerns.  Any opinions?

The following are world readable on my rather spartan system:

  /var/log/apache/access.log*
  /var/log/apache/error.log*
  /var/log/dmesg
  /var/log/faillog
  /var/log/ksymoops/*.ksyms
  /var/log/ksymoops/*.modules
  /var/log/lastlog
  /var/log/news/news.*
  /var/log/nmb*
  /var/log/smb*
  /var/log/wtmp

Not world readable are:

  /var/log/auth.log*
  /var/log/daemon.log*
  /var/log/debug*
  /var/log/exim/mainlog*
  /var/log/installer.log
  /var/log/kern.log*
  /var/log/lpr.log*
  /var/log/mail.err*
  /var/log/mail.info*
  /var/log/mail.log*
  /var/log/mail.warn*
  /var/log/messages*
  /var/log/setuid.changes*
  /var/log/setuid.today
  /var/log/setuid.yesterday
  /var/log/syslog*
  /var/log/user.log*
  /var/log/uucp.log*

BTW, what is /var/log/mail.* good for if you have exim installed?
-- 
Olaf Meeuwissen       Epson Kowa Corporation, Research and Development

Reply to:

Follow-Ups:
- Re: World readable log files
  - From: Dave Sherohman <esper@sherohman.org>

Prev by Date: Re: A series of newbieite questions
Next by Date: Re: Changing Mutt's defaults- possible?
Previous by thread: RE: A series of newbieite questions
Next by thread: Re: World readable log files
Index(es):
- Date
- Thread