[Rack] Baron Security

Jonathan Lassoff jof at thejof.com
Tue Jan 22 21:41:57 UTC 2013

On Tue, Jan 22, 2013 at 1:34 PM, Michael C. Toren <mct at toren.net> wrote:

> On Tue, Jan 22, 2013 at 01:57:55AM -0800, Jonathan Lassoff wrote:
> > Maybe we should rotate or truncate the log after a while? Seems like
> > we're collecting info on users' comings and goings, and there's no real
> > reason to keep that forever.
> Yes, we should totally do that.  We definitely do not want to keep the
> baron logfile around for very long.
> In addition to the su stuff I mentioned elsewhere in this thread, I just
> changed /etc/init/baron.conf to include the line "console log", and to
> remove the "--logfile" argument that's passed to baron.  This redirects
> stdout and stderr to /var/log/upstart/<job-name>.  There's some existing
> mechanism in Debian that rotates files in that directory, but I don't know
> offhand where it's configured.  We'll want to find it, and tweak it so that
> it only saves N days of logs.

It's /etc/logrotate.d/upstart, which says:

/var/log/upstart/*.log {
        rotate 7

So, it's a week's worth, rotating daily.
Seems fine to me.

Nice work!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/rack/attachments/20130122/602d0244/attachment.html>

More information about the Rack mailing list