starred/hardening
1
0
Fork 0
mirror of https://github.com/konstruktoid/hardening.git synced 2026-04-27 09:45:54 +03:00
Code Issues 6 Projects Releases 4 Packages Wiki Activity

[GH-ISSUE #167] [BUG] Missing /usr/sbin in PATH results in acct log rotation failure in /etc/cron.daily/acct #63

New issue
Closed
opened 2026-03-03 13:58:50 +03:00 by kerem · 3 comments
kerem commented 2026-03-03 13:58:50 +03:00
Owner
Copy link

Originally created by @bob-rove on GitHub (Sep 14, 2022).
Original GitHub issue: https://github.com/konstruktoid/hardening/issues/167

Originally assigned to: @konstruktoid on GitHub.

Describe the bug

Modified system PATH variable results in /etc/cron.daily/acct being unable to locate /usr/sbin/invoke-rc.d, which is reported to /var/mail/root with corresponding message:

From root@xyz
Subject: Cron <root@xyz> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

/etc/cron.daily/acct:
/etc/cron.daily/acct: 25: invoke-rc.d: not found

This in turn results in acct log files not being fully rotated (process keeps writing to old file):

# ls -la /var/log/account/
total 20260
drwxr-xr-x  2 root root       4096 Sep 14 06:25 .
drwxrwxr-x 15 root syslog     4096 Sep 13 22:14 ..
-rw-r-----  1 root adm           0 Sep 14 06:25 pacct
-rw-r-----  1 root adm    20731968 Sep 14 09:27 pacct.0

To Reproduce

Wait until scripts in /etc/cron.daily are run and see /var/mail/root. Also check contents of /var/log/account/.

Expected behavior

/usr/sbin present in PATH exposed to cron.

System (lsb_release -a):

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.1 LTS
Release:        22.04
Codename:       jammy

Additional context

None.

Originally created by @bob-rove on GitHub (Sep 14, 2022). Original GitHub issue: https://github.com/konstruktoid/hardening/issues/167 Originally assigned to: @konstruktoid on GitHub. **Describe the bug** Modified system `PATH` variable results in `/etc/cron.daily/acct` being unable to locate `/usr/sbin/invoke-rc.d`, which is reported to `/var/mail/root` with corresponding message: ``` From root@xyz Subject: Cron <root@xyz> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) /etc/cron.daily/acct: /etc/cron.daily/acct: 25: invoke-rc.d: not found ``` This in turn results in `acct` log files not being fully rotated (process keeps writing to old file): ``` # ls -la /var/log/account/ total 20260 drwxr-xr-x 2 root root 4096 Sep 14 06:25 . drwxrwxr-x 15 root syslog 4096 Sep 13 22:14 .. -rw-r----- 1 root adm 0 Sep 14 06:25 pacct -rw-r----- 1 root adm 20731968 Sep 14 09:27 pacct.0 ``` **To Reproduce** Wait until scripts in `/etc/cron.daily` are run and see `/var/mail/root`. Also check contents of `/var/log/account/`. **Expected behavior** `/usr/sbin` present in `PATH` exposed to `cron`. **System (lsb_release -a):** ``` # lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 22.04.1 LTS Release: 22.04 Codename: jammy ``` **Additional context** None.
kerem closed this issue 2026-03-03 13:58:50 +03:00
kerem commented 2026-03-03 13:58:51 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Sep 14, 2022):

Thanks @bob-rove for reporting this, I'll have a look and fix as soon as possible.

<!-- gh-comment-id:1246557175 --> @konstruktoid commented on GitHub (Sep 14, 2022): Thanks @bob-rove for reporting this, I'll have a look and fix as soon as possible.
kerem commented 2026-03-03 13:58:51 +03:00
Author
Owner
Copy link

@konstruktoid commented on GitHub (Sep 14, 2022):

I can't reproduce this, I'm using cron.hourly and manually running test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.hourly ) on both focal and jammy.

/usr/sbin should also be in your $PATH, it was added 3 months ago: github.com/konstruktoid/hardening@5db5cbbb9c

<!-- gh-comment-id:1246635467 --> @konstruktoid commented on GitHub (Sep 14, 2022): I can't reproduce this, I'm using `cron.hourly` and manually running `test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.hourly )` on both `focal` and `jammy`. `/usr/sbin` should also be in your `$PATH`, it was added 3 months ago: https://github.com/konstruktoid/hardening/commit/5db5cbbb9c0659df6de88a49072dda65a5e5c4a0
kerem commented 2026-03-03 13:58:51 +03:00
Author
Owner
Copy link

@bob-rove commented on GitHub (Sep 16, 2022):

Oh, my apologies! I've been using 4 month's old version and forgot to look in master 🤦
Great it was fixed already! 🚀

<!-- gh-comment-id:1249236456 --> @bob-rove commented on GitHub (Sep 16, 2022): Oh, my apologies! I've been using 4 month's old version and forgot to look in master 🤦 Great it was fixed already! 🚀
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dependabot/github_actions/pozil/auto-assign-issue-3.0.0
renovate/github-codeql-action-4.x
v2.2.0
v2.1.0
v2.0.0
v1.0.0
v1.0
Labels
Clear labels   
Stale

   
bug

   
bug

   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
Stale
bug
bug
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/hardening#63
No description provided.