On Thu, 4 Aug 2011 11:17:18 -0600 Stephen John Smoogen <smooge@xxxxxxxxx> wrote: ...snip... > >> Passwords creep into the logs every now and then. The usual is that > >> someone tries to login with their password. Sorry about the write > >> on group, I thought i fixed that a while ago. > > > > Yeah, I'll go look thru logs and see if there's anything there that > > looks problematic. We might be able to just have the system log ones > > readable, but leave the httpd ones closed up (those would be the > > only ones that might have passwords I would think). > > Hmmm I thought the httpd ones were more open :). So, I did some digging around and I can't off hand find any passwords in any of the httpd error logs or the like. Of course that doesn't prevent a bug from happening. So, what I would propose on this (after the freeze): * chown -R root:root /var/log/hosts /var/log/merged * chmod -R 0644 /var/log/hosts /var/log/merged * change /etc/rsyslog.conf to: $DirCreateMode 0755 $FileCreateMode 0644 $FileOwner root $FileGroup root * add 'fi-apprentice' to be able to login there. If we find anything logging sensitive information, we need to fix it not to do that, and/or re-evaluate. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
