[IntelMQ-dev] Redis log file gets wrong owner & group(?)

Sebix sebix at sebix.at
Sun Nov 14 20:34:55 CET 2021


Dear Mika,

On 11/10/21 12:14 PM, Mika Silander wrote:
> Hi all,
>
>  Occasionally we see the /var/log/redis/redis-server.log file getting intelmq as its owner and group.

Every time logrotate kicks in?

> This makes redis output to the log file fail. Once the owner is reset to redis and group to adm (on Ubuntu 20.04 LTS) and running systemctl restart redis, redis works fine. I've tried to debug the reason for this change in ownership in logrotate confs, intelmqctl sources etc but so far no luck. Hints as to the reason or how to troubleshoot are again welcome.

I discovered, debugged and fixed this issue a few weeks ago when I was
still working at CERT.at:
https://github.com/certtools/intelmq/commit/5b3c68b571b04ae816f3e8314a2d97b78dae76aa

The problem is that the option `create 644 intelmq intelmq` in intelmq's
logrotate config does not only apply to the intelmq files, but to all
files managed by logrotate globally. Not only redis is affected, but
lots more. You can find all affected files with

    sudo find /var/log/ -user intelmq ! -path \*intelmq\*

I hope that helps
Sebastian
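
Added example, not part of the original email or of the IntelMQ project's code: a small check that flags ownership-related logrotate directives placed outside any `{ ... }` block, which is the scoping problem described above. The function name, the directive set and the sample configs (including the `/var/log/intelmq/*.log` path) are constructed for illustration, and the parser assumes at most one brace per line.

```python
# Ownership/mode directives that affect other packages' logs when set globally.
OWNERSHIP_DIRECTIVES = {"create", "su", "createolddir"}

def global_directives(config_text):
    """Return [(line_no, line)] for ownership directives outside any { } block."""
    findings = []
    depth = 0
    for no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):          # "path ... {" or a lone "{" opens a block
            depth += 1
            continue
        if line == "}":                 # end of a per-file block
            depth = max(depth - 1, 0)
            continue
        if depth == 0 and line.split()[0] in OWNERSHIP_DIRECTIVES:
            findings.append((no, line))
    return findings

# Constructed sample: the option quoted in the email, placed at global scope.
BROKEN = """\
# constructed sample
create 644 intelmq intelmq
/var/log/intelmq/*.log {
    weekly
    rotate 4
}
"""

# Constructed sample: the same option scoped to the block it belongs to.
SCOPED = """\
/var/log/intelmq/*.log {
    weekly
    rotate 4
    create 644 intelmq intelmq
}
"""

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("SCOPED", SCOPED)):
        for no, line in global_directives(text):
            print(f"{name}: line {no}: global-scope directive: {line}")
```

To audit a host, pass the contents of each file under the logrotate include directory to `global_directives` and review anything it reports.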
