Hello list,

The logging section of the security handbook[1] recommends using app-admin/logcheck to monitor logs, but I can't get past a permission problem. Logcheck sends me an e-mail which complains:

================
Could not run logtail or save output
Check temporary directory: /tmp/logcheck.thLHYh
Also verify that the logcheck user can read all files referenced in /etc/logcheck/logcheck.logfiles!
================

There's no sign of any /tmp/log* file. /var/log/messages is the only entry in /etc/logcheck/logcheck.logfiles .

I tried changing /var/log/messages thus:

    # chmod g+r /var/log/messages
    # chown :logcheck /var/log/messages

...and ran logcheck, only to find that /var/log/messages was back to its original permissions:

    ls -l /var/log/messages
    -rw------- 1 root root 139K May 8 13:27 /var/log/messages

...and I got the same e-mail as before.

Has anyone succeeded in running logcheck? What's the magic recipe? I see that app-admin/logcheck is maintainer-wanted, so there's no point in raising a bug report.

[1] https://wiki.gentoo.org/wiki/Security_Handbook/Logging

--
Regards
Peter