fixed #352053

debian/NEWS

@@ -3,6 +3,8 @@ fail2ban (0.6.0-4) unstable; urgency=low
   In this version the new section ApacheAttacks was introduced to ban IPs
   which are found to run some known attack on the host. For now it captures
   just awstats related attacks. Besides that to make it function the bug of
-  wrongly specified timeregexp for Apache's access.log file was fixed
+  wrongly specified timeregexp for Apache's access.log file was fixed.
+  Besides that group of log files has changed to be adm, and now they are
+  readable by the group
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Fri, 10 Feb 2006 13:05:07 -0500

debian/changelog

@@ -11,6 +11,8 @@ fail2ban (0.6.0-3.5) UNRELEASED; urgency=low
     a webserver (awstats.pl as a try). This section stays split from Apache
     since it is of different nature and might be not appropriate for some
     users
+  * Forced owner/permissions of log file to be root:adm/640 in postinst and
+    logrotate (closes: #352053)
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 16 Jan 2006 04:05:19 -0500
 

debian/logrotate

@@ -6,4 +6,5 @@
     postrotate
 	/etc/init.d/fail2ban restart >/dev/null
     endscript
+    create 640 root adm
 }

debian/postinst

@@ -21,9 +21,13 @@ preversion=$2
 case "$1" in
     configure)
        # To fix the bug in generated by previous version files permissions
-        LOG=/var/log/fail2ban.log
+       # also closes #352053
-        [ -f $LOG ] && chmod go-w $LOG
 
+       LOG=/var/log/fail2ban.log
+       touch $LOG
+       chown root:adm $LOG
+       chmod 640 $LOG
+        
        # Note regarding changed configuration file
 		if [ ! -z $preversion ] \
 			&& dpkg --compare-versions $preversion lt 0.5.4-5.14;