[bash] script is filling up my /var/log


 
# 1  
Old 12-13-2018
[bash] script is filling up my /var/log/auth.log

I am trying to create a script that checks if my VPN connection is up and running...
Everything seems to work as expected, but for some reason the script fills up my /var/log/auth.log with the information below.

Code:
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root

This is my script
Code:
#!/bin/bash

vpn_status(){
	while true; do
		if ( sudo ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" ) &>/dev/null; then
			echo "$(tput bold)$(tput setaf 2)"
			printf '%s\r' "VPN scrypt is up and running..."
		else	
			echo "$(tput bold)$(tput setaf 1)"
			printf '%s\r' "VPN is Down..."
		fi 
   	done
}

vpn_status

Could someone please explain to me why/what I am doing wrong?

Last edited by soichiro; 12-13-2018 at 03:21 AM..
# 2  
Old 12-13-2018
Hi,

You have sudo logging to /var/log/auth.log; you may want to look at how it is set up. I think that this is the default.

Regards

Gull04
# 3  
Old 12-13-2018
Not sure if you REALLY need to check the VPN connection umpteen times per second - consider using e.g. sleep 60 in the loop to reduce resource load.
# 4  
Old 12-13-2018
Do you really need to run ifconfig as root anyway? You shouldn't, if all you're doing is checking values.
# 5  
Old 12-13-2018
Quote:
Originally Posted by Corona688
Do you really need to run ifconfig as root anyway? You shouldn't, if all you're doing is checking values.
Unless I am wrong... In Debian a regular user does not have access to ifconfig.

--- Post updated 12-14-18 at 12:19 AM ---

It took me all day, but in the end I was finally able to prevent the following log files from increasing in size.
Code:
/var/log/kern.log 
/var/log/auth.log 
/var/log/daemon.log

I took care of pam_unix(sudo:session) flooding my /var/log/auth.log by adding the below setting in /etc/sudoers.d/soichiro
Code:
Defaults   !logfile, !syslog, !pam_session

To prevent /var/log/daemon.log from increasing in size, I removed the printf in my script.

To solve the /var/log/kern.log problem, which was being flooded with messages from UFW like the one below, I executed the command sudo ufw logging off
Code:
Dec 13 17:44:29 debian kernel: [16119.856118] [UFW BLOCK] IN= OUT=enp6s0 SRC= etc etc

I hope this will help someone out there, and if someone has a better way to do this, I am all ears.
# 6  
Old 12-14-2018
Quote:
Originally Posted by soichiro
Unless I am wrong... In Debian a regular user does not have access to ifconfig.
Humor me. Just try it. I've never encountered a UNIX/Linux system which didn't allow you to read its network settings. I have encountered systems where it's not in the default PATH, but that didn't stop it from working when /absolute/path/to/ifconfig was used. And now that /sbin/ is mostly deprecated, that doesn't happen as much as it used to. 'which ifconfig' if uncertain.

Using sudo where unnecessary is a security risk. Someone could abuse those escalated privileges to change network settings. It could even conceivably happen by accident.

Last edited by Corona688; 12-14-2018 at 11:34 AM..
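
Added example, not part of any post in this thread: one way to act on the suggestions in posts #3 and #6, checking the interface without sudo and pausing between checks, so the loop produces no sudo entries in auth.log at all. It assumes Linux sysfs (/sys/class/net/<iface>/flags) and the thread's tun0; the names SYSFS_NET, iface_state and watch_iface are hypothetical.

```bash
#!/bin/bash
# Added example, not code from the thread. Assumes Linux sysfs; SYSFS_NET,
# iface_state and watch_iface are hypothetical names introduced here.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print "up" if the interface exists and its IFF_UP flag (0x1) is set, else
# "down". The flags file is world-readable, so no sudo is involved and
# nothing is written to auth.log per check.
iface_state() {
    local file="$SYSFS_NET/$1/flags" flags="" hex
    if [ ! -r "$file" ]; then echo down; return 0; fi
    read -r flags < "$file" || true
    hex=${flags#0x}
    case $hex in
        ''|*[!0-9a-fA-F]*) echo down; return 0 ;;   # unexpected content
    esac
    if [ $(( 0x$hex & 1 )) -ne 0 ]; then echo up; else echo down; fi
}

# Poll every <interval> seconds and print only when the state changes.
# <max> bounds the number of polls (0 = run until interrupted).
watch_iface() {
    local iface=$1 interval=${2:-60} max=${3:-0} prev="" cur n=0
    while :; do
        cur=$(iface_state "$iface")
        if [ "$cur" != "$prev" ]; then
            printf '%s %s is %s\n' "$(date '+%F %T')" "$iface" "$cur"
            prev=$cur
        fi
        n=$((n + 1))
        if [ "$max" -gt 0 ] && [ "$n" -ge "$max" ]; then break; fi
        sleep "$interval"
    done
}

# Start the monitor only when asked to: <script> --watch [iface] [interval]
if [ "${1:-}" = "--watch" ]; then
    watch_iface "${2:-tun0}" "${3:-60}"
fi
```

Because each check is an unprivileged file read, sudo's default logging can stay enabled for the commands that really need root.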