Bug 465215 - logwatch "http" script, make "phpmyadmin" detection minimally less sensitive
logwatch "http" script, make "phpmyadmin" detection minimally less sensitive
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: logwatch (Show other bugs)
5.2
All Linux
medium Severity low
: rc
: ---
Assigned To: Ivana Varekova
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-02 03:56 EDT by Jan Iven
Modified: 2013-04-12 15:54 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-10-26 08:16:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Iven 2008-10-02 03:56:59 EDT
Description of problem:

We get regular (false positive) warning mails about somebody mirroring some DAG phpmyadmin RPMs from us..:

!!!! 2 possible successful probes 

 /dag/redhat/el4/en/i386/dag/RPMS/phpmyadmin-2.11.9.2-1.el4.rf.noarch.rpm HTTP Response 200 



Modifying the "http" logwatch script slightly gets rid of these:

--- services/http~   2008-10-02 09:00:57.000000000 +0200
+++ services/http    2008-10-02 09:41:26.000000000 +0200
@@ -157,3 +157,3 @@
    'owssvr\.dll',
-   'phpmyadmin',
+   'phpmyadmin.*\/',
    'root\.exe',

To my understanding, any real use of phpmyadmin (if installed under this name) will involve accessing the individual php scripts installed under that path, i.e. include a directory separator in the URL.

Version-Release number of selected component (if applicable):
RHEL5:logwatch-7.3-6.el5.noarch
RHEL4:logwatch-5.2.2-4.el4.noarch


How reproducible:
always

Steps to Reproduce:
1. serve a phpmyadmin RPM
2. get warning mail from logwatch
Comment 3 Ivana Varekova 2009-10-26 07:52:58 EDT
The problem is already fixed in logwatch-7.3-6.el5.
Comment 5 RHEL Product and Program Management 2009-10-26 08:16:48 EDT
Development Management has reviewed and declined this request.  You may appeal
this decision by reopening this request.

Note You need to log in before you can comment on or make changes to this bug.