Package: munin-node Version: 2.0.73-1 Severity: wishlist Tags: patch Hi,
munin-node's logrotate file uses the copytruncate feature to avoid having to restart munin-node after log rotation. This is probably a workaround for a shortcoming in munin-node, which was filed upstream last week as https://github.com/munin-monitoring/munin/issues/1571 There is no possibility to avoid false alarms in aide for logs using the delaycompress feature of logrotate. This is documented in aide's upstream manual. Therefore, munin-node.log causes false alarms in aide. The following patch works around this by having logrotate work the traditional rename-and-recreate way and restarting munin-node after that. I have tested this on my munin installation for weeks now, it seems to work without affecting function. Sadly, since munin-node doesn't even support a reload operation, a full restart is needed. diff --git a/debian/munin-node.logrotate b/debian/munin-node.logrotate index 8471c475..7441c2a6 100644 --- a/debian/munin-node.logrotate +++ b/debian/munin-node.logrotate @@ -3,7 +3,11 @@ missingok rotate 7 compress - copytruncate + nocopytruncate + delaycompress notifempty create 640 root root + postrotate + systemctl restart munin-node + endscript } Please consider applying this in Debian's munin-node package. If you choose to not do this (which I would fully understand, I know that I am asking a lot), I will add this patch to the munin-node rule in aide as comment to explain what a local admin would have to do to avoid false alarms in aide. Please let me know about your decision. I also don't mind having this issue closed without action instead of just wontfixing. Greetings Marc

