Bug 465215

Summary: logwatch "http" script, make "phpmyadmin" detection minimally less sensitive
Product: Red Hat Enterprise Linux 5 Reporter: Jan Iven <jan.iven>
Component: logwatchAssignee: Ivana Varekova <varekova>
Status: CLOSED WONTFIX QA Contact: BaseOS QE <qe-baseos-auto>
Severity: low Docs Contact:
Priority: medium    
Version: 5.2CC: ovasik
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-26 12:16:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Iven 2008-10-02 07:56:59 UTC 
Description of problem:

We get regular (false positive) warning mails about somebody mirroring some DAG phpmyadmin RPMs from us..:

!!!! 2 possible successful probes 

 /dag/redhat/el4/en/i386/dag/RPMS/phpmyadmin-2.11.9.2-1.el4.rf.noarch.rpm HTTP Response 200 



Modifying the "http" logwatch script slightly gets rid of these:

--- services/http~   2008-10-02 09:00:57.000000000 +0200
+++ services/http    2008-10-02 09:41:26.000000000 +0200
@@ -157,3 +157,3 @@
    'owssvr\.dll',
-   'phpmyadmin',
+   'phpmyadmin.*\/',
    'root\.exe',

To my understanding, any real use of phpmyadmin (if installed under this name) will involve accessing the individual php scripts installed under that path, i.e. include a directory separator in the URL.

Version-Release number of selected component (if applicable):
RHEL5:logwatch-7.3-6.el5.noarch
RHEL4:logwatch-5.2.2-4.el4.noarch


How reproducible:
always

Steps to Reproduce:
1. serve a phpmyadmin RPM
2. get warning mail from logwatch
Comment 3 Ivana Varekova 2009-10-26 11:52:58 UTC 
The problem is already fixed in logwatch-7.3-6.el5.
Comment 5 RHEL Program Management 2009-10-26 12:16:48 UTC 
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.