Bug 455654
| Summary: | Review Request: pads - Passive Asset Detection System | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Steve Grubb <sgrubb> |
| Component: | Package Review | Assignee: | Peter Vrabec <pvrabec> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Priority: | medium |
| Version: | rawhide | CC: | fedora-package-review, kevin, notting, pvrabec |
| Target Milestone: | --- | Flags: | pvrabec: fedora-review+, kevin: fedora-cvs+ |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2008-08-13 22:07:49 UTC |

Description
Steve Grubb
2008-07-16 19:52:21 UTC
The prelude setup for pads was added as step 13 on http://people.redhat.com/sgrubb/audit/prelude.txt

```
$ rpmlint pads-1.2-1.fc9.src.rpm
pads.src: W: strange-permission pads.init 0755
pads.src: W: strange-permission pads.sysconfig 0640
```

- pads.init and pads.sysconfig might be 0644

```
$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
pads.i386: E: non-readable /etc/sysconfig/pads 0640
pads.i386: W: non-conffile-in-etc /etc/pads-ether-codes
pads.i386: W: non-conffile-in-etc /etc/pads-signature-list
pads.i386: E: non-readable /etc/pads.conf 0640
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
1 packages and 0 specfiles checked; 2 errors, 4 warnings.
```

- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf
- incoherent-subsys? it doesn't seem to me. prog=pads
- non-conffile-in-etc - seems ok to me

Everything else is OK.

>$ rpmlint pads-1.2-1.fc9.src.rpm
>pads.src: W: strange-permission pads.init 0755
>pads.src: W: strange-permission pads.sysconfig 0640
>
>- pads.init and pads.sysconfig might be 0644

These are just the src files. I can change them, but I generally make them what they would be when installed. I do set the permission explicitly on install so I can make these 644 if needed.

>$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
>pads.i386: E: non-readable /etc/sysconfig/pads 0640
>
>- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf

It can give out details that non-root users shouldn't see. You can specify what networks to listen to, what uid to run as, what config file to use. I generally believe this info is not required for someone that is not the admin.

Steve, change pads.init and pads.sysconfig permissions please. I don't consider it as a blocker, but it will make rpmlint more happy at least.

/etc/sysconfig/pads and /etc/pads.conf

$pgrep pads and I know the user. I can also check which interface is in promisc. mode so I can assume where pads is listening. Personally, I feel that there are some more files in /etc that are readable by non root users, even though it is not needful. If you still stand for the 0640 go ahead, but I wouldn't like to do it until it is not necessary.

New package uploaded. The permissions for the source files are fixed. I feel strongly that non-admin users should not be able to look at how IDS software is configured. If there are other packages with loose permissions, we will be fixing those at some point. :) Thanks.

OK, the package is APPROVED now.

```
New Package CVS Request
=======================
Package Name: pads
Short Description: Passive Asset Detection System
Owners: sgrubb
Branches: F-9
InitialCC:
Cvsextras Commits: no
```

cvs done. Why the cvsextras no?

Thanks for taking care of cvs. pads is a security program that we've interfaced to IDS software. I was going to add other committers from the security team to help keep an eye on it.

pads was built in rawhide...closing bug. Thanks for the review.
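
A check for the permission policy settled on in this thread, as an added example that is not part of the bug report or the pads package: it verifies that the two files rpmlint reports as `non-readable` grant no access to accounts outside owner and group. The function names and the temporary demo tree are constructed for illustration; only the two paths come from the rpmlint output above.

```sh
#!/bin/sh
# Added example, not from the bug report or the pads package.
# Flags config files that accounts outside owner/group can access.

other_bits() {
    # Characters 8-10 of the POSIX "ls -l" mode string are the "other"
    # triplet, e.g. "r--" for 0644 and "---" for 0640.
    ls -ld -- "$1" | cut -c8-10
}

audit_conf() {
    # usage: audit_conf ROOT REL_PATH...
    # Prints one line per file; returns the number of findings.
    root=$1; shift
    findings=0
    for rel in "$@"; do
        f="$root$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $rel"
            findings=$((findings + 1))
            continue
        fi
        bits=$(other_bits "$f")
        if [ "$bits" = "---" ]; then
            echo "OK       $rel"
        else
            echo "EXPOSED  $rel (other=$bits)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

demo() {
    # Constructed tree: one file at 0640, one at 0644.
    tmp=$(mktemp -d) || return 99
    mkdir -p "$tmp/etc/sysconfig"
    : > "$tmp/etc/pads.conf";      chmod 0640 "$tmp/etc/pads.conf"
    : > "$tmp/etc/sysconfig/pads"; chmod 0644 "$tmp/etc/sysconfig/pads"
    audit_conf "$tmp" /etc/pads.conf /etc/sysconfig/pads
    status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || echo "findings: $?"
```

On an installed system, `audit_conf "" /etc/pads.conf /etc/sysconfig/pads` runs the same check against the real files.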