[CentOS] 5.9 logwatch yum filter broken

Tilman Schmidt t.schmidt at phoenixsoftware.de
Fri Jan 18 08:49:42 UTC 2013


After the upgrade to CentOS 5.9, all my CentOS 5 installations
report only "Unmatched Entries" in the "yum" section of their
daily logwatch mails. It seems the filter script
/usr/share/logwatch/scripts/services/yum got broken:

--------8<--------8<--------8<--------8<--------8<--------8<--------8<
[root at dns01 ~]# /usr/sbin/logwatch --print --service yum --debug 5
[...]
Processing Service: yum
 ( cat /var/cache/logwatch/logwatch.kKzXpf19/yum  |  /usr/bin/perl
/usr/share/logwatch/scripts/services/yum) 2>&1

 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Fri Jan 18 09:21:20 2013
        Date Range Processed: yesterday
                              ( 2013-Jan-17 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: dns01.pxnet.com
  ##################################################################

 --------------------- yum Begin ------------------------

 DEBUG: Inside YUM Filter

 DEBUG(1): Updated: glibc-common.i386 2.5-107
 DEBUG(2): Updated: kernel-headers.i386 2.6.18-348.el5
 DEBUG(3): Updated: crontabs.noarch 1.10-11.el5
[...]
 DEBUG(89): Updated: yum-updatesd.noarch 1:0.9-5.el5

 **Unmatched Entries**
 2.5-107
 2.6.18-348.el5
 1.10-11.el5
[...]
 1:0.9-5.el5

 ---------------------- yum End -------------------------


 ###################### Logwatch End #########################

[root at dns01 ~]#
>8-------->8-------->8-------->8-------->8-------->8-------->8--------

Looking at the script I find the line

     22    $ThisLine =~ s/^[^ ]* [^ ]* //;

which looks like its intention was to strip the timestamp from
the logfile entry, but the DEBUG output shows it has already
been stripped at this point.

And a minor nit: who came up with the silly idea of enforcing
mode 600 for /var/log/yum.log in /etc/logrotate.d/yum? I don't
think it increases security if the intern who checks the logs
has to work with full root privileges all the time.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany



More information about the CentOS mailing list