Description of problem: The Nagios RPM is installing several files and directories under /usr that have permissions 0775, which violates DISA-STIG rules RHEL-09-232010 RHEL-09-232015 RHEL-09-232020 Version-Release number of selected component (if applicable): 4.4.14 How reproducible: Very Steps to Reproduce: 1. yum install nagios 2. RHEL-09-232010 - find -L /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/local/bin /usr/local/sbin -perm /022 -exec /bin/echo {} \; 2. RHEL-09-232015 - find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type d -exec /bin/echo {} \; 3. RHEL-09-232020 - find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec /bin/echo {} \; Actual results: # find -L /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/local/bin /usr/local/sbin -perm /022 -exec /bin/echo {} \; /sbin/convertcfg /usr/sbin/convertcfg # # find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type d -exec /bin/echo {} \; /lib64/nagios/cgi-bin /lib64/nagios/cgi /usr/lib64/nagios/cgi-bin /usr/lib64/nagios/cgi # # find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec /bin/echo {} \; /lib/.build-id/8a/54b4ad6f89bb642700e3907ef674772217ae63 /lib/.build-id/a5/86a250def3964b936748702913c479a27825c5 /lib/.build-id/fb/23703128615f226138241c87a763b741814343 /lib/.build-id/0c/a5127150ed86de833e1f0892cc40d18ad58c66 /lib/.build-id/19/afca33debed84fcf7d2c8a9136d399726d1b73 /lib/.build-id/52/d9fcc5cfecfcd129cd318ecde90f7f1ffdb7f2 /lib/.build-id/9d/4307972bcb1e24d0c86e6501dd2d8a16e66e95 /lib/.build-id/ba/53803a2ca88238ba66099ea864e638d3d1ae8b /lib/.build-id/db/f75010180ea107488ae91610918ab47c3519c0 /lib/.build-id/f0/1184d4eb7bb5014f64f052d0ec638610fee2a7 /lib/.build-id/fd/e6b9fa56e9aedbb6b4450cc6045352659d9b3a /lib/.build-id/83/64ddb405bb392ab681efa20d24465c5e9cfd4b /lib/.build-id/5c/69d0e2298690389849db25ecb84a9ac98fd8da /lib/.build-id/ec/81c82761175cbcc31819c45994e9ee33803697 /lib/.build-id/a9/7b7e571e352e4ca548363ea227a9d09bd7545a /lib/.build-id/d7/3783b685c2540977a80edab57758f38b9baa13 /lib/.build-id/b5/4eeb2ae6c1db15c78bf6e038e47c79c47b76f7 /lib/.build-id/1a/5b48d9cc502a2a54254f3bb7d6cb83274a4af0 /lib/.build-id/40/18f59c275ca53f24f5107765d76e340309b283 /lib/.build-id/e3/fcc0dbf55f44f23d26682e670674979ea6c961 /lib64/nagios/cgi-bin/archivejson.cgi /lib64/nagios/cgi-bin/avail.cgi /lib64/nagios/cgi-bin/cmd.cgi /lib64/nagios/cgi-bin/config.cgi /lib64/nagios/cgi-bin/extinfo.cgi /lib64/nagios/cgi-bin/histogram.cgi /lib64/nagios/cgi-bin/history.cgi /lib64/nagios/cgi-bin/notifications.cgi /lib64/nagios/cgi-bin/objectjson.cgi /lib64/nagios/cgi-bin/outages.cgi /lib64/nagios/cgi-bin/showlog.cgi /lib64/nagios/cgi-bin/status.cgi /lib64/nagios/cgi-bin/statusjson.cgi /lib64/nagios/cgi-bin/statusmap.cgi /lib64/nagios/cgi-bin/statuswml.cgi /lib64/nagios/cgi-bin/statuswrl.cgi /lib64/nagios/cgi-bin/summary.cgi /lib64/nagios/cgi-bin/tac.cgi /lib64/nagios/cgi-bin/trends.cgi /lib64/nagios/cgi/daemonchk.cgi /lib64/nagios/cgi/traceroute.cgi /usr/lib/.build-id/8a/54b4ad6f89bb642700e3907ef674772217ae63 /usr/lib/.build-id/a5/86a250def3964b936748702913c479a27825c5 /usr/lib/.build-id/fb/23703128615f226138241c87a763b741814343 /usr/lib/.build-id/0c/a5127150ed86de833e1f0892cc40d18ad58c66 /usr/lib/.build-id/19/afca33debed84fcf7d2c8a9136d399726d1b73 /usr/lib/.build-id/52/d9fcc5cfecfcd129cd318ecde90f7f1ffdb7f2 /usr/lib/.build-id/9d/4307972bcb1e24d0c86e6501dd2d8a16e66e95 /usr/lib/.build-id/ba/53803a2ca88238ba66099ea864e638d3d1ae8b /usr/lib/.build-id/db/f75010180ea107488ae91610918ab47c3519c0 /usr/lib/.build-id/f0/1184d4eb7bb5014f64f052d0ec638610fee2a7 /usr/lib/.build-id/fd/e6b9fa56e9aedbb6b4450cc6045352659d9b3a /usr/lib/.build-id/83/64ddb405bb392ab681efa20d24465c5e9cfd4b /usr/lib/.build-id/5c/69d0e2298690389849db25ecb84a9ac98fd8da /usr/lib/.build-id/ec/81c82761175cbcc31819c45994e9ee33803697 /usr/lib/.build-id/a9/7b7e571e352e4ca548363ea227a9d09bd7545a /usr/lib/.build-id/d7/3783b685c2540977a80edab57758f38b9baa13 /usr/lib/.build-id/b5/4eeb2ae6c1db15c78bf6e038e47c79c47b76f7 /usr/lib/.build-id/1a/5b48d9cc502a2a54254f3bb7d6cb83274a4af0 /usr/lib/.build-id/40/18f59c275ca53f24f5107765d76e340309b283 /usr/lib/.build-id/e3/fcc0dbf55f44f23d26682e670674979ea6c961 /usr/lib64/nagios/cgi-bin/archivejson.cgi /usr/lib64/nagios/cgi-bin/avail.cgi /usr/lib64/nagios/cgi-bin/cmd.cgi /usr/lib64/nagios/cgi-bin/config.cgi /usr/lib64/nagios/cgi-bin/extinfo.cgi /usr/lib64/nagios/cgi-bin/histogram.cgi /usr/lib64/nagios/cgi-bin/history.cgi /usr/lib64/nagios/cgi-bin/notifications.cgi /usr/lib64/nagios/cgi-bin/objectjson.cgi /usr/lib64/nagios/cgi-bin/outages.cgi /usr/lib64/nagios/cgi-bin/showlog.cgi /usr/lib64/nagios/cgi-bin/status.cgi /usr/lib64/nagios/cgi-bin/statusjson.cgi /usr/lib64/nagios/cgi-bin/statusmap.cgi /usr/lib64/nagios/cgi-bin/statuswml.cgi /usr/lib64/nagios/cgi-bin/statuswrl.cgi /usr/lib64/nagios/cgi-bin/summary.cgi /usr/lib64/nagios/cgi-bin/tac.cgi /usr/lib64/nagios/cgi-bin/trends.cgi /usr/lib64/nagios/cgi/daemonchk.cgi /usr/lib64/nagios/cgi/traceroute.cgi # Expected results: # find -L /bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/local/bin /usr/local/sbin -perm /022 -exec /bin/echo {} \; # # find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type d -exec /bin/echo {} \; # # find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec /bin/echo {} \; # Additional info: All files in question are root.root so changing the default install permissions to 0755 in the SPEC file should not have an impact on anyone, but will resolve a DISA-STIG issue.
FEDORA-EPEL-2024-65a6ff8c53 (nagios-4.4.14-4.el9) has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-65a6ff8c53
FEDORA-EPEL-2024-65a6ff8c53 has been pushed to the Fedora EPEL 9 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-65a6ff8c53 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2024-65a6ff8c53 (nagios-4.4.14-4.el9) has been pushed to the Fedora EPEL 9 stable repository. If problem still persists, please make note of it in this bug report.