This change has been made. Please let me know if you spot any problems or issues with it. kevin -- On Wed, 10 Aug 2011 12:59:10 -0600 Kevin Fenzi <kevin@xxxxxxxxx> wrote: > On Thu, 4 Aug 2011 11:17:18 -0600 > Stephen John Smoogen <smooge@xxxxxxxxx> wrote: > > ...snip... > > > >> Passwords creep into the logs every now and then. The usual is > > >> that someone tries to login with their password. Sorry about the > > >> write on group, I thought i fixed that a while ago. > > > > > > Yeah, I'll go look thru logs and see if there's anything there > > > that looks problematic. We might be able to just have the system > > > log ones readable, but leave the httpd ones closed up (those > > > would be the only ones that might have passwords I would think). > > > > Hmmm I thought the httpd ones were more open :). > > So, I did some digging around and I can't off hand find any passwords > in any of the httpd error logs or the like. Of course that doesn't > prevent a bug from happening. > > So, what I would propose on this > (after the freeze): > > * chown -R root:root /var/log/hosts /var/log/merged > * chmod -R 0644 /var/log/hosts /var/log/merged > * change /etc/rsyslog.conf to: > $DirCreateMode 0755 > $FileCreateMode 0644 > $FileOwner root > $FileGroup root > * add 'fi-apprentice' to be able to login there. > > If we find anything logging sensitive information, we need to fix it > not to do that, and/or re-evaluate. > > kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
