From b00161f7ec484ca868f5569dbe991d33e51092c3 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Thu, 16 Feb 2006 15:53:38 +0000
Subject: [PATCH] fixed #352053

---
 debian/NEWS      | 4 +++-
 debian/changelog | 2 ++
 debian/logrotate | 1 +
 debian/postinst  | 8 ++++++--
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/debian/NEWS b/debian/NEWS
index a0c54cc9..17e45e19 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -3,6 +3,8 @@ fail2ban (0.6.0-4) unstable; urgency=low
   In this version the new section ApacheAttacks was introduced to ban IPs
   which are found to run some known attack on the host. For now it captures
   just awstats related attacks. Besides that to make it function the bug of
-  wrongly specified timeregexp for Apache's access.log file was fixed
+  wrongly specified timeregexp for Apache's access.log file was fixed.
+  Besides that group of log files has changed to be adm, and now they are
+  readable by the group
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 10 Feb 2006 13:05:07 -0500
diff --git a/debian/changelog b/debian/changelog
index 2ff60da5..5cba8b87 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,8 @@ fail2ban (0.6.0-3.5) UNRELEASED; urgency=low
     a webserver (awstats.pl as a try). This section stays split from Apache
     since it is of different nature and might be not appropriate for some
     users
+  * Forced owner/permissions of log file to be root:adm/640 in postinst and
+    logrotate (closes: #352053)
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 16 Jan 2006 04:05:19 -0500
 
diff --git a/debian/logrotate b/debian/logrotate
index d9136c93..fe745f64 100644
--- a/debian/logrotate
+++ b/debian/logrotate
@@ -6,4 +6,5 @@
     postrotate
 	/etc/init.d/fail2ban restart >/dev/null
     endscript
+    create 640 root adm
 }
diff --git a/debian/postinst b/debian/postinst
index cf580e13..6d7d224d 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -21,9 +21,13 @@ preversion=$2
 case "$1" in
     configure)
        # To fix the bug in generated by previous version files permissions
-        LOG=/var/log/fail2ban.log
-        [ -f $LOG ] && chmod go-w $LOG
+       # also closes #352053
 
+       LOG=/var/log/fail2ban.log
+       touch $LOG
+       chown root:adm $LOG
+       chmod 640 $LOG
+        
        # Note regarding changed configuration file
 		if [ ! -z $preversion ] \
 			&& dpkg --compare-versions $preversion lt 0.5.4-5.14;