Re: audit 0.6 release

On Thu, 06 Jan 2005 15:52:50 CST, "Browder, Tom" said: logrotate doesn't do a very good job of handling "roll to next file when this one is 40M in size", because the cron job is probably not running at the time that the log gets to 40M. The semantics of "rotate at 2AM if it's over 40M then" are quite different from "rotate at current clocktime 11:37AM if we hit 40M then...". Also, in a priv-separated environment, only the "security officer" role should be allowed to remove an audit file (while logrotate's "rotate" command will rm the oldest one if/when needed). So you probably need to use *two* logrotate instances with separate config files, one for your system logs running in the "admin" role, and another for the audit logs running in the "security officer" role. In an SELinux environment, you'd probably need a dummy front-end that runs logrotate, and have an exec_auto_trans() to put the front end into the correct security context....