XenServer 5.6: Add /var/log/btmp to logrotate


Warning: Since a large /var/log/btmp could indicate that somebody is running brute force attacks against your system, you should at least think about changing the ssh port or setting up tools like DenyHosts or Fail2Ban (see here for more information about preventing ssh brute force attacks).

By default, logrotate does not seem to be configured for the /var/log/btmp file on a XenServer 5.6 system. Since every failed login is logged in this file, it can become very large and your system could run out of free disk space.

To add this file to the logrotate config, add the following lines to /etc/logrotate.conf:

/var/log/btmp {
  monthly
  minsize 1M
  create 0600 root utmp
  rotate 1
}

After editing the config, it can be reasonable to run logrotate manually to clean up the log files with the following command:

# logrotate -f /etc/logrotate.conf

If you are unsure about the result, you can add the “-d” switch for a “dry run” to see what logrotate would do:

# logrotate -d -f /etc/logrotate.conf
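Because "rotate 1" keeps only a single old file, it is worth summarizing who has been failing to log in before forcing a rotation. The following Python 3 script is an added example, not part of the original post: it parses a copy of /var/log/btmp and counts failed logins per source host and user name. It assumes the standard glibc utmp record layout (384 bytes per record); the function names and sample records are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Assumption: glibc utmp record layout on Linux, 384 bytes per record:
# type, pid, line, id, user, host, exit(2), session, tv_sec, tv_usec, addr_v6(4), unused
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_btmp(data):
    """Yield (user, line, host, epoch_seconds) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield _text(f[4]), _text(f[2]), _text(f[5]), f[9]


def summarize(data, top=10):
    """Return the most frequent source hosts and user names of failed logins."""
    hosts, users = Counter(), Counter()
    for user, _line, host, _ts in parse_btmp(data):
        hosts[host or "(local)"] += 1
        users[user or "(empty)"] += 1
    return hosts.most_common(top), users.most_common(top)


def make_record(user, host, ts, line="ssh:notty"):
    """Build one constructed record for the demo (ut_type 6 = LOGIN_PROCESS)."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, ts, 0, 0, 0, 0, 0, b"")


if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. a copy of /var/log/btmp
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:                            # constructed sample data
        data = (make_record("root", "203.0.113.7", 1300000000) * 3
                + make_record("admin", "198.51.100.9", 1300000100))
    hosts, users = summarize(data)
    print("failed logins by source:", hosts)
    print("failed logins by user:  ", users)
```

A few sources responsible for most of the records point to the brute force activity mentioned in the warning above.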