Bug 11305

Summary:	wrong permissions for /var/log/btmp
Product:	IPFire	Reporter:	ipf-tom
Component:	---	Assignee:	Matthias Fischer <matthias.fischer>
Status:	CLOSED FIXED	QA Contact:
Severity:	Balancing
Priority:	- Unknown -	CC:	ipf-tom, matthias.fischer, peter.mueller
Version:	2
Hardware:	unspecified
OS:	Unspecified

Description ipf-tom 2017-03-23 17:12:54 UTC

The file /var/log/btmp should not be readable by non-root:

If someone is typing the password when the user was expected, the failed login will be documented in btmp. Probably user will login correct soon. So you have a combination of user (wtmp / last) and password (btmp / lastb).

Therefore the system denies to write into btmp because of bad permissions.

/var/log/messages:
Mar 23 08:52:21 ipfire sshd[31548]: Failed password for root from 1.2.3.4 port 63320 ssh2
Mar 23 08:52:21 ipfire sshd[31548]: Excess permission or bad ownership on file 

ls -l /var/log/btmp
-rw-r--r-- 1 root root 0 Feb  1 22:51 /var/log/btmp

should be
-rw------- 1 root root 0 Feb  1 22:51 /var/log/btmp

Comment 1 ipf-tom 2017-03-23 17:16:30 UTC

observed in IPFire 2.19 (x86_64) - Core Update 109

Comment 2 Matthias Fischer 2017-04-28 21:32:23 UTC

Suggested fix:

=> http://patchwork.ipfire.org/patch/1099/

=> http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=dcd97580c3f6aec7a4dc70b2af721368f14fd11c

Best,
Matthias

Comment 3 Peter Müller 2017-11-08 17:45:46 UTC

Is this bug still valid? (Currently cleaning up bug list... :-) )

Comment 4 Matthias Fischer 2017-11-08 23:33:49 UTC

Fixed in Core 111