Ntopng : logrotate complains since last update

pagaille · July 18, 2020, 5:30am

Hi there,

Since the recent update, I receive a daily message from logrotate complaining that the rights on ntopng’s log files folder aren’s set right.

error: skipping “/var/lib/ntopng/ntopng_access.log” because parent directory has insecure permissions (It’s world writable or writable by group which is not “root”) Set “su” directive in config file to tell logrotate which user/group should be used for rotation.

# ls -lai /var/lib/ntopng/
    $total 76
      68633656 drwxrwxrwx  16 ntopng ntopng  4096 Jul 11 16:35 .
     134320262 drwxr-xr-x. 87 root   root    4096 Jun 30 04:27 ..
     136051667 drwxrwxrwx   9 ntopng ntopng   141 Jul 20  2019 0
       3538585 drwxrwxrwx   8 ntopng ntopng    98 Jan 21  2018 1
    3560131878 drwx------   5 ntopng ntopng    63 Jun 30 04:28 -1
       2960885 drwx------   5 ntopng ntopng    47 Nov 26  2018 10
     872436091 drwxrwxrwx   5 ntopng ntopng    47 Oct 21  2017 2
    1006653829 drwxrwxrwx   6 ntopng ntopng    65 Dec 30  2017 3
    1140898593 drwxrwxrwx   3 ntopng ntopng    24 May 17  2017 4
     738213639 drwxrwxrwx   3 ntopng ntopng    24 May 17  2017 46
       2457548 drwxrwxrwx   3 ntopng ntopng    24 May 17  2017 5
     140377780 drwxrwxrwx   6 ntopng ntopng    65 Nov 26  2018 6
     268472122 drwxrwxrwx   3 ntopng ntopng    24 May 17  2017 7
    5570037643 drwx------   2 ntopng ntopng  4096 Jul 18 00:00 category_lists
      68633601 -rw-r--r--   1 root   root       0 Jun 30 04:27 .lock
      68633602 -rw-------   1 ntopng ntopng 37977 Jul 11 16:27 ntopng_access.log
    9596567690 drwx------  11 ntopng ntopng  4096 Jul 11 16:25 plugins0
     134657917 drwx------  11 ntopng ntopng  4096 Jul 11 16:35 plugins1
      68633600 -rw-r--r--   1 ntopng ntopng 13732 Jul 18 07:31 runtimeprefs.json

Any idea ?

Matthieu

mrmarkuz · July 18, 2020, 1:37pm

Weird, here it looks ok.
I’d try to chmod 700 the dirs owned by ntopng to correct permissions and restart the service and try logrotate -dv /etc/logrotate.conf to check if the error still occurs.

[root@server ~]# ls -lai /var/lib/ntopng/
total 16
33769488 drwx------   9 ntopng ntopng   135 Jul 18 01:53 .
33554510 drwxr-xr-x. 72 root   root    4096 Jul  8 00:32 ..
67337323 drwx------   5 ntopng ntopng    50 Jul  8 00:32 0
34021522 drwx------   5 ntopng ntopng    50 Jul  8 00:32 1
67166332 drwx------   5 ntopng ntopng    50 Jul  8 00:32 -1
    2770 drwx------   6 ntopng ntopng    69 Jul  8 00:33 2
 2057316 drwx------   2 ntopng ntopng   209 Jul 18 02:00 category_lists
38948307 -rw-r--r--   1 root   root       0 Jul  8 00:32 .lock
67385752 drwx------  11 ntopng ntopng   208 Jul 18 01:43 plugins0
38941502 drwx------  11 ntopng ntopng   208 Jul 18 01:53 plugins1
38988795 -rw-------   1 ntopng ntopng 10979 Jul 18 15:24 runtimeprefs.json

There was a bug some time ago:

pagaille · July 18, 2020, 3:13pm

Yep, I also found that weird.

Your fix seem to work. No complaints from logrotate as far as i can see.

perms are now :

# ls -lai
total 72
  68633656 drwx------  15 ntopng ntopng  4096 Jul 18 17:09 .
 134320262 drwxr-xr-x. 87 root   root    4096 Jun 30 04:27 ..
 136051667 drwx------   9 ntopng ntopng   141 Jul 20  2019 0
   3538585 drwx------   8 ntopng ntopng    98 Jan 21  2018 1
3560131878 drwx------   5 ntopng ntopng    63 Jun 30 04:28 -1
   2960885 drwx------   5 ntopng ntopng    47 Nov 26  2018 10
 872436091 drwx------   5 ntopng ntopng    47 Oct 21  2017 2
1006653829 drwx------   6 ntopng ntopng    65 Dec 30  2017 3
1140898593 drwx------   3 ntopng ntopng    24 May 17  2017 4
 738213639 drwx------   3 ntopng ntopng    24 May 17  2017 46
   2457548 drwx------   3 ntopng ntopng    24 May 17  2017 5
 140377780 drwx------   6 ntopng ntopng    65 Nov 26  2018 6
 268472122 drwx------   3 ntopng ntopng    24 May 17  2017 7
5570037643 drwx------   2 ntopng ntopng  4096 Jul 18 00:00 category_lists
  68633601 -rw-r--r--   1 root   root       0 Jun 30 04:27 .lock
  68633602 -rw-------   1 ntopng ntopng 37977 Jul 11 16:27 ntopng_access.log
8522830001 drwx------  11 ntopng ntopng  4096 Jul 18 17:09 plugins0
  68633600 -rw-r--r--   1 ntopng ntopng 13726 Jul 18 17:10 runtimeprefs.json

Notice that the access log file is there now and that it dates back from some days !?

Strange bug.

mrmarkuz · July 18, 2020, 3:26pm

Did you restart the ntopng service? I guess you need to use the ntopng UI to force new log entries.