Log rotation with logrotate and timing

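I have just set up fairly extensive logging and log rotation on my system, hoping to eliminate or at least minimize the risk of out-of-space errors (possible vulnerabilities?).

However, I could not find a clear answer to this question in the man page of the logrotate service:

How does the logrotate service determine the timestamp of the last log rotation for its daily, weekly or monthly options?

An excerpt from man logrotate follows: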

weekly [weekday]
              Log  files  are  rotated  once  each  weekday, or if the date is advanced by at least 7 days since the last rotation
              (while ignoring the exact time).  The weekday interpretation is following:  0 means Sunday, 1 means Monday,  ...,  6
              means  Saturday; the special value 7 means each 7 days, irrespectively of weekday.  Defaults to 0 if the weekday ar‐
              gument is omitted.

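Is the time of the last rotation simply checked continuously (using a cronjob) by looking at the last-modified timestamp of the previous rotated log file?

If so, if a user somehow manages to "trick" the system and force it to desynchronize the system time (which is usually easy to do, since it is a very rare attack vector and is therefore rarely properly protected against), so that logrotate creates rotated logs with a future timestamp, would this essentially disable logrotate's frequency-based rotation?

For reference: the system in question, because of tumblerd (whether due to system configuration or an actual vulnerability I cannot say), which as I understand it is a kind of thumbnail manager, kept adding entries to the user.log, messages and syslog logs, each reaching 100GB before the system failed (first in terms of space, then memory leaks and CPU load spikes). Not only was this a problem in itself, it also made these 3 log files impossible to read, and the only solution I could think of at the time was to clear them with echo "" > [filename].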

Answer 1

Since logrotate is FOSS, you could just download the source and read it. On Ubuntu, the packaging system shows:

walt@bat:~(0)$ apt-cache show logrotate
Package: logrotate
Architecture: amd64
Version: 3.8.7-2ubuntu2.16.04.2
Priority: important
Section: admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Paul Martin <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 113
Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.14), libpopt0 (>= 1.14), libselinux1 (>= 1.32), cron | anacron | cron-daemon, base-passwd (>= 2.0.3.4)
Suggests: mailx
Breaks: postgresql-common (<= 126)
Filename: pool/main/l/logrotate/logrotate_3.8.7-2ubuntu2.16.04.2_amd64.deb
Size: 37660
MD5sum: ae3cf957775ac5c9e72604ac80b71e24
SHA1: 78687a0db41fad8b25b9aaa0f9e9e01739cb6136
SHA256: 4089998610e24a849d0286f1a657a714e7f3fe249f82eef3896778054ea1753e
Homepage: https://fedorahosted.org/logrotate/
Description-en: Log rotation utility
 The logrotate utility is designed to simplify the administration of
 log files on a system which generates a lot of log files.  Logrotate
 allows for the automatic rotation compression, removal and mailing of
 log files.  Logrotate can be set to handle a log file daily, weekly,
 monthly or when the log file gets to a certain size.  Normally, logrotate
 runs as a daily cron job.
Description-md5: bb73169bb75b2b8a2fda1453d214416d
Task: minimal
Supported: 5y

Package: logrotate
Priority: important
Section: admin
Installed-Size: 113
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Paul Martin <[email protected]>
Architecture: amd64
Version: 3.8.7-2ubuntu2
Depends: libacl1 (>= 2.2.51-8), libc6 (>= 2.14), libpopt0 (>= 1.14), libselinux1 (>= 1.32), cron | anacron | cron-daemon, base-passwd (>= 2.0.3.4)
Suggests: mailx
Breaks: postgresql-common (<= 126)
Filename: pool/main/l/logrotate/logrotate_3.8.7-2ubuntu2_amd64.deb
Size: 37642
MD5sum: 858f35a2a3eec8dc07e9896f8a905981
SHA1: 18802ca05d004b4d70aa400920668f71af98b47e
SHA256: bc370a2003b18b1761adceed2fdf575122117cbf17edc6de377d64dc01623d6e
Description-en: Log rotation utility
 The logrotate utility is designed to simplify the administration of
 log files on a system which generates a lot of log files.  Logrotate
 allows for the automatic rotation compression, removal and mailing of
 log files.  Logrotate can be set to handle a log file daily, weekly,
 monthly or when the log file gets to a certain size.  Normally, logrotate
 runs as a daily cron job.
Description-md5: bb73169bb75b2b8a2fda1453d214416d
Homepage: https://fedorahosted.org/logrotate/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: minimal

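Homepage: https://fedorahosted.org/logrotate/ is a good place to start.

A good logrotate technique is to force the logging entity to close the current log file and open a new one. This can be done via signals, or (stop the server; rename the log file; start the server).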
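
The signal approach from the answer above, as an added example that is not part of the original post: a constructed Python writer showing that after a rename the process keeps writing into the rotated file until it is told to reopen. The class name ReopeningLog, the file names and the choice of SIGHUP are assumptions made for the illustration.

```python
import os
import signal
import tempfile


class ReopeningLog:
    """Append-only log writer that reopens its file after SIGHUP."""

    def __init__(self, path):
        self.path = path
        self._fh = open(path, "a")
        self._reopen = False
        # Assumption: SIGHUP is the "reopen your logs" signal for this writer.
        self._old = signal.signal(signal.SIGHUP, self._on_hup)

    def _on_hup(self, signum, frame):
        # Only set a flag here; the reopen happens on the next write.
        self._reopen = True

    def write(self, line):
        if self._reopen:
            self._fh.close()
            self._fh = open(self.path, "a")  # new file at the original name
            self._reopen = False
        self._fh.write(line + "\n")
        self._fh.flush()

    def close(self):
        self._fh.close()
        signal.signal(signal.SIGHUP, self._old or signal.SIG_DFL)


def _lines(path):
    with open(path) as fh:
        return fh.read().splitlines()


def demo():
    """Rotate by rename, then signal; return (rotated_lines, live_lines)."""
    live = os.path.join(tempfile.mkdtemp(), "app.log")  # constructed sample path
    rotated = live + ".1"
    log = ReopeningLog(live)
    log.write("before rotation")
    os.rename(live, rotated)             # the rotation step
    log.write("after rename")            # open descriptor still points at app.log.1
    os.kill(os.getpid(), signal.SIGHUP)  # what a post-rotation hook would send
    log.write("after SIGHUP")            # lands in a fresh app.log
    log.close()
    return _lines(rotated), _lines(live)
```

Until the writer reopens, the rotated file keeps growing and the space it occupies cannot be reclaimed by compressing or deleting it by name.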
