LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-17-2013, 04:15 PM   #16
coniptor
LQ Newbie
 
Registered: Mar 2009
Posts: 5

Rep: Reputation: 0

Posting a reply to this old thread because I have run into this and solved it only to forget it and need to solve it again.
Where I then happen upon this thread for the umpteen time.
So posting the solution for my self and everyone else.

Verify that logcheck has both a user and group in /etc/passwd and /etc/group.
Ensure that logcheck is a member of group adm. <--- <--- <---
Ensure that the logs are readable by adm so that logcheck can read the logs otherwise your:
Code:
 su -s /bin/sh -c '/usr/sbin/logcheck -dt' - logcheck
output or email errors will complain about permission denied errors accessing the log files.
Code:
 find /var/log/ -type f -exec chgrp adm {} ';'
or
Code:
 find /var/log/ -type f -exec chown root:adm {} ';'
Code:
 find /var/log/ -type f -exec chmod g+r {} ';'
 find /var/log/ -type f -exec chmod o-rwx {} ';'
or
Code:
 find /var/log/ -type f -exec chmod 640 {} ';'
Code:
 find /var/log/ -type d -exec chmod 755 {} ';'
It's also good to ensure you have a logcheck alias in /etc/aliases pointing at your primary account so the logcheck user is not filling up the mail spool with mail you never check. Of course run newaliases or postmap as the case may be.

Also on selinux enabled systems run restorecon -Rv /etc/logcheck after updating or adding new local-* rules.

Last edited by coniptor; 06-27-2013 at 02:46 AM.
 
Old 04-06-2015, 02:18 AM   #17
Klaipedaville
Member
 
Registered: Mar 2013
Posts: 110

Rep: Reputation: Disabled
I understand this post is quite old but if someone could advise / comment on my little issue I would highly appreciate it.

The following commands do not work:

su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
or
su -s /bin/bash -c "/usr/sbin/logcheck -d" logcheck

it says:

cannot execute /bin/bash/

However, the following commands work perfectly fine:

sudo - u logcheck logcheck
or
sudo - u logcheck logcheck -d

Logcheck also emails me OK as per its configuration settings, it's just logcheck's suggested commands of

su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
and
su -s /bin/bash -c "/usr/sbin/logcheck -d" logcheck

that do not work. Any suggestions, please? Many thanks in advance!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[logcheck] ignore.d and logcheck.ignore cyberpunx Linux - Software 0 09-18-2005 05:07 PM
Logcheck regex to filter out bogus errors Donboy Linux - Security 1 03-13-2005 11:09 PM
how to monitor logfiles ganninu Linux - General 4 12-07-2003 06:36 AM
INFO: configuring logcheck markus1982 Linux - Software 1 05-26-2003 11:54 AM
Logfiles wonderpun Linux - General 3 09-01-2002 03:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration