Spec URL: http://people.redhat.com/sgrubb/files/pads.spec
SRPM URL: http://people.redhat.com/sgrubb/files/pads-1.2-1.fc9.src.rpm
Description: PADS is a libpcap based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts. When new assets are found, it can send IDMEF alerts via prelude.
The prelude setup for pads was added as step 13 on http://people.redhat.com/sgrubb/audit/prelude.txt
$ rpmlint pads-1.2-1.fc9.src.rpm
pads.src: W: strange-permission pads.init 0755
pads.src: W: strange-permission pads.sysconfig 0640

- pads.init and pads.sysconfig might be 0644

$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
pads.i386: E: non-readable /etc/sysconfig/pads 0640
pads.i386: W: non-conffile-in-etc /etc/pads-ether-codes
pads.i386: W: non-conffile-in-etc /etc/pads-signature-list
pads.i386: E: non-readable /etc/pads.conf 0640
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
1 packages and 0 specfiles checked; 2 errors, 4 warnings.

- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf
- incoherent-subsys? it doesn't seem to me. prog=pads
- non-conffile-in-etc - seems ok to me

Everything else is OK.
>$ rpmlint pads-1.2-1.fc9.src.rpm
>pads.src: W: strange-permission pads.init 0755
>pads.src: W: strange-permission pads.sysconfig 0640
>
>- pads.init and pads.sysconfig might be 0644

These are just the src files. I can change them, but I generally make them what they would be when installed. I do set the permission explicitly on install so I can make these 644 if needed.

>$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
>pads.i386: E: non-readable /etc/sysconfig/pads 0640
>
>- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf

It can give out details that non-root users shouldn't see. You can specify what networks to listen to, what uid to run as, what config file to use. I generally believe this info is not required for someone that is not the admin.
Steve, change pads.init and pads.sysconfig permissions please. I don't consider it as a blocker, but it will make rpmlint more happy at least.

/etc/sysconfig/pads and /etc/pads.conf

$pgrep pads and I know the user. I can also check which interface is in promisc. mode so I can assume where pads is listening.

Personally, I feel that there are some more files in /etc that are readable by non root users, even though it is not needful. If you still stand for the 0640 go ahead, but I wouldn't like to do it until it is not necessary.
New package uploaded. The permissions for the source files are fixed. I feel strongly that non-admin users should not be able to look at how IDS software is configured. If there are other packages with loose permissions, we will be fixing those at some point. :) Thanks.
OK, the package is APPROVED now.
New Package CVS Request
=======================
Package Name: pads
Short Description: Passive Asset Detection System
Owners: sgrubb
Branches: F-9
InitialCC:
Cvsextras Commits: no
cvs done. Why the cvsextras no?
Thanks for taking care of cvs. pads is a security program that we've interfaced to IDS software. I was going to add other committers from the security team to help keep an eye on it.
pads was built in rawhide...closing bug. Thanks for the review.