btmp should be rotated more frequently
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
logrotate (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
The rotation of btmp seems to be too infrequent considering that it's easy to grow this file from an external machine.
In my testing, I generated (bad) SSH connections at a rate of 10 attempts/sec and was able to grow the btmp file of ~350MB/day. At this rate, btmp would reach the 10GB in a month period (default rotation period). A higher connection attempt rate is probably possible on publicly exposed SSH servers.
Here's a proposed logrotate configuration for btmp that would improve the situation:
/var/log/btmp {
missingok
notifempty
weekly
create 0660 root utmp
rotate 8
compress
delaycompress
maxsize 10M
}
The delaycompress makes it easy to use "lastb -f /var/log/btmp.1" while still benefiting from the compression (btmp compresses well).
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: logrotate 3.8.7-1ubuntu1
ProcVersionSign
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Apr 30 11:20:14 2014
InstallationDate: Installed on 2014-01-26 (93 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
SourcePackage: logrotate
UpgradeStatus: No upgrade log present (probably fresh install)