Insecure permissions on /var/log/percona
General
Escalation
General
Escalation
Description
Environment
None
Activity
Show:
surabhi.bhat September 25, 2024 at 9:53 AM
The issue has been fixed in the latest packages, i.e. percona-telemetry-agent-1.0.2-2 . Thank you.
Maxim Kondratenko August 13, 2024 at 8:06 AM
Hi
As I see we have the following options:
1. The variant you provided in p1.
2. Place log files into /var/log/percona/telemetry-agentdirectory with ownership daemon:percona-telemetryand permissions 775. In addition it requires adding the following line into logrotate.conf:
at the beginning of the config section.
Please consider option 2.
Done
Details
Details
Assignee
surabhi.bhatReporter
iONeeds QA
Yes
Needs Packaging
Yes
Components
Priority
MediumSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Created August 12, 2024 at 10:30 AM
Updated September 25, 2024 at 9:53 AM
Resolved September 16, 2024 at 8:15 AM
We noticed an update of the percona-server-server package installed the percona-telemetry-agent as a dependency.
That package seems to create a /var/log/percona directory with mode 777 and a logrotate for the percona-telemetry-agent logs.
However, due to the mode of the /var/log/percona directory, logrotate deems it to be insecure and doesn’t rotate those logs.