Ubuntu
logwatch package

logwatch does not report cron events

Bug #719898 reported by Oliver Brakmann
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
logwatch (Debian)
Fix Released
Unknown
logwatch (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: logwatch

Hello,

Debian/Ubuntu ships a cron service definition (in dist.conf/services/cron), which does not match any cron logfile entries due to a wrong "OnlyService" statement in said service definition.

Currently, it looks like this:
*OnlyService = (CROND|\/USR\/SBIN\/CRON|\/usr\/sbin\/cron)

However, the logfile entries for cron look like this, so they don't match:
Feb 16 09:11:11 deimos cron[641]: (CRON) INFO (pidfile fd = 3)
Feb 16 09:11:11 deimos cron[654]: (CRON) STARTUP (fork ok)
Feb 16 09:11:11 deimos cron[654]: (CRON) INFO (Running @reboot jobs)
Feb 16 09:17:01 deimos CRON[923]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

I suggest changing the OnlyService statement to this (patch attached):
*OnlyService = (CRON|cron|CROND|\/USR\/SBIN\/CRON|\/usr\/sbin\/cron)

This applies to all Ubuntu releases, from at least Lucid to Natty.

Thanks!

Tags: patch

Related branches

lp:~sbeattie/ubuntu/natty/logwatch/logwatch-fixups
Martin Pitt: Approve
Diff: 437 lines (+174/-30)
5 files modified
debian/changelog (+17/-0)
debian/dist.conf/services/cron.conf (+1/-1)
logwatch.8 (+2/-3)
scripts/logwatch.pl (+12/-4)
scripts/services/named (+142/-22)
lp:ubuntu/natty/logwatch

CVE References

Revision history for this message
Oliver Brakmann (obrakmann) wrote :
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Oliver, thanks for taking the time to file this bug report and help us make Ubuntu better!

This is indeed a problem on natty, and I've confirmed it on Debian unstable as well.

I forwarded the issue and the patch upstream to Debian, and I'm marking this bug as Triaged, setting Importance to Medium.

Changed in logwatch (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Bug Watch Updater (bug-watch-updater)
Changed in logwatch (Debian):
status: Unknown → New
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.3.6.cvs20090906-1ubuntu4

---------------
logwatch (7.3.6.cvs20090906-1ubuntu4) natty; urgency=low

  * SECURITY UPDATE: privileged code execution via badly named logfiles
    - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile
      names don't contain '.
    - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26
    - CVE-2011-1018
  * debian/dist.conf/services/cron.conf: adjust to capture cron entries,
    thanks to Oliver Brakmann (LP: #719898)
  * scripts/services/named: update to upstream version to correctly
    capture more information (LP: #584229)
    - http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/named?revision=19
  * logwatch.8: replace examples containing obsolete --print argument
    with --output=stdout (LP: #564796)
 -- Steve Beattie <email address hidden> Wed, 02 Mar 2011 13:44:53 +0100

Changed in logwatch (Ubuntu):
status: Triaged → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in logwatch (Debian):
status: New → Fix Committed
Bug Watch Updater (bug-watch-updater)
Changed in logwatch (Debian):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.