[bash] script is filling up my /var/log

I am trying to create a script that checks if my VPN connection is up and running...
Everything seems to work as expected, but for some reason the script fills up my /var/log/auth.log with the information below:

Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root
Dec 13 01:07:44 debian sudo: soichiro : TTY=pts/0 ; PWD=/home/soichiro/Desktop ; USER=root ; COMMAND=/sbin/ifconfig tun0
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Dec 13 01:07:44 debian sudo: pam_unix(sudo:session): session closed for user root

This is my script

#!/bin/bash

vpn_status(){
	while true; do
		if ( sudo ifconfig tun0 | grep -q "00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00" ) &>/dev/null; then
			echo "$(tput bold)$(tput setaf 2)"
			printf '%s\r' "VPN scrypt is up and running..."
		else
			echo "$(tput bold)$(tput setaf 1)"
			printf '%s\r' "VPN is Down..."
		fi
	done
}

vpn_status

Could someone please explain to me why/what I am doing wrong?

Hi,

You have sudo logging to /var/log/auth.log. You may want to look at how it is set up; I think that this is the default.

Regards

Gull04

Not sure if you REALLY need to check the VPN connection umpteen times per second - consider using e.g. sleep 60 in the loop to reduce resource load.

Do you really need to run ifconfig as root anyway? You shouldn't, if all you're doing is checking values.

Unless I am wrong... In Debian a regular user does not have access to ifconfig.

--- Post updated 12-14-18 at 12:19 AM ---

It took me all day, but in the end I was finally able to prevent the following log files from increasing in size.

/var/log/kern.log 
/var/log/auth.log 
/var/log/daemon.log

I took care of pam_unix(sudo:session) flooding my /var/log/auth.log by adding the below setting in /etc/sudoers.d/soichiro

Defaults   !logfile, !syslog, !pam_session

To prevent /var/log/daemon.log from increasing in size, I removed the printf in my script.

To solve the /var/log/kern.log problem, which was being flooded with messages from UFW like the one below, I executed the command sudo ufw logging off

Dec 13 17:44:29 debian kernel: [16119.856118] [UFW BLOCK] IN= OUT=enp6s0 SRC= etc etc

I hope this will help someone out there, and if someone has a better way to do this, I am all ears.


Humor me. Just try it. I've never encountered a UNIX/Linux system which didn't allow you to read its network settings. I have encountered systems where it's not in the default PATH, but that didn't stop it from working when /absolute/path/to/ifconfig was used. And now that /sbin/ is mostly deprecated, that doesn't happen as much as it used to. 'which ifconfig' if uncertain.

Using sudo where unnecessary is a security risk. Someone could abuse those escalated privileges to change network settings. It could even conceivably happen by accident.

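An added example, not written by any poster in this thread: the same tun0 check done without sudo and with a polling interval, so no sudo or PAM records are produced and sudo logging can be left at its defaults. The script name vpn_watch.sh, the function names and the SYSFS_NET override are assumptions made for illustration; it reads the world-readable /sys/class/net/<iface>/flags file and tests the IFF_UP bit.

```bash
#!/bin/bash
# Added example (not from the thread): watch a tunnel interface without sudo,
# so no sudo/PAM records are generated and sudo's audit logging can stay on.

# Overridable only so the check can be pointed at a constructed directory
# tree for testing; leave the default on a real system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Return 0 if the interface exists and has IFF_UP (bit 0x1) set.
# The sysfs "flags" file is world-readable, so no privileges are needed.
iface_is_up() {
    local iface="$1" flags
    [ -r "$SYSFS_NET/$iface/flags" ] || return 1
    flags=$(cat "$SYSFS_NET/$iface/flags") || return 1
    case "$flags" in
        0x*[!0-9a-fA-F]*) return 1 ;;   # not a clean hex value
        0x?*) ;;
        *) return 1 ;;
    esac
    [ $(( $flags & 0x1 )) -ne 0 ]
}

# Print "up" or "down" for the given interface.
vpn_state() {
    if iface_is_up "$1"; then echo up; else echo down; fi
}

# Poll every <interval> seconds (default 60) and print a line only when the
# state changes, instead of spinning in a tight loop.
vpn_watch() {
    local iface="${1:-tun0}" interval="${2:-60}" last="" now
    while true; do
        now=$(vpn_state "$iface")
        if [ "$now" != "$last" ]; then
            printf '%s VPN (%s) is %s\n' "$(date '+%F %T')" "$iface" "$now"
            last=$now
        fi
        sleep "$interval"
    done
}

# Usage: ./vpn_watch.sh --watch [iface] [interval]
if [ "${1:-}" = "--watch" ]; then
    shift
    vpn_watch "$@"
fi
```

Run as a regular user, for example `./vpn_watch.sh --watch tun0 60`; without `--watch` the file only defines the functions.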