Package: munin-node
Version: 2.0.73-1
Severity: wishlist
Tags: patch

Hi,

munin-node's logrotate file uses the copytruncate feature to avoid
having to restart munin-node after log rotation. This is probably a
workaround for a shortcoming in munin-node, which was filed upstream
last week as https://github.com/munin-monitoring/munin/issues/1571

There is no possibility to avoid false alarms in aide for logs using the
delaycompress feature of logrotate. This is documented in aide's
upstream manual. Therefore, munin-node.log causes false alarms in aide.

The following patch works around this by having logrotate work the
traditional rename-and-recreate way and restarting munin-node after
that. I have tested this on my munin installation for weeks now, it
seems to work without affecting function. Sadly, since munin-node
doesn't even support a reload operation, a full restart is needed.

diff --git a/debian/munin-node.logrotate b/debian/munin-node.logrotate
index 8471c475..7441c2a6 100644
--- a/debian/munin-node.logrotate
+++ b/debian/munin-node.logrotate
@@ -3,7 +3,11 @@
        missingok
        rotate 7
        compress
-       copytruncate
+       nocopytruncate
+       delaycompress
        notifempty
        create 640 root root
+       postrotate
+               systemctl restart munin-node
+       endscript
 }

Please consider applying this in Debian's munin-node package. If you
choose to not do this (which I would fully understand, I know that I am
asking a lot), I will add this patch to the munin-node rule in aide as
comment to explain what a local admin would have to do to avoid false
alarms in aide. Please let me know about your decision.

I also don't mind having this issue closed without action instead of
just wontfixing.

Greetings
Marc

Reply via email to