Bug 465215 - logwatch "http" script, make "phpmyadmin" detection minimally less sensitive
Summary: logwatch "http" script, make "phpmyadmin" detection minimally less sensitive
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: logwatch
Version: 5.2
Hardware: All
OS: Linux
medium
low
Target Milestone: rc
: ---
Assignee: Ivana Varekova
QA Contact: BaseOS QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-10-02 07:56 UTC by Jan Iven
Modified: 2013-04-12 19:54 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-26 12:16:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Jan Iven 2008-10-02 07:56:59 UTC 
Description of problem:

We get regular (false positive) warning mails about somebody mirroring some DAG phpmyadmin RPMs from us..:

!!!! 2 possible successful probes 

 /dag/redhat/el4/en/i386/dag/RPMS/phpmyadmin-2.11.9.2-1.el4.rf.noarch.rpm HTTP Response 200 



Modifying the "http" logwatch script slightly gets rid of these:

--- services/http~   2008-10-02 09:00:57.000000000 +0200
+++ services/http    2008-10-02 09:41:26.000000000 +0200
@@ -157,3 +157,3 @@
    'owssvr\.dll',
-   'phpmyadmin',
+   'phpmyadmin.*\/',
    'root\.exe',

To my understanding, any real use of phpmyadmin (if installed under this name) will involve accessing the individual php scripts installed under that path, i.e. include a directory separator in the URL.

Version-Release number of selected component (if applicable):
RHEL5:logwatch-7.3-6.el5.noarch
RHEL4:logwatch-5.2.2-4.el4.noarch


How reproducible:
always

Steps to Reproduce:
1. serve a phpmyadmin RPM
2. get warning mail from logwatch
Comment 3 Ivana Varekova 2009-10-26 11:52:58 UTC 
The problem is already fixed in logwatch-7.3-6.el5.
Comment 5 RHEL Program Management 2009-10-26 12:16:48 UTC 
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.
Note You need to log in before you can comment on or make changes to this bug.