First Last Prev Next    This bug is not in your last search results.
Bug 47015 - 01_base.26check_logfiles_general
01_base.26check_logfiles_general
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Monitoring (Prometheus or Nagios)
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-0-errata
Assigned To: Felix Botner
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-16 09:27 CEST by Felix Botner
Modified: 2018-06-06 16:16 CEST (History)
0 users

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2018-05-16 09:27:46 CEST 
fails in update test with

[2018-05-15 18:42:05.867443] ***Searching for world-readable logfiles:
[2018-05-15 18:42:05.871377] Some potentially sensitive log files are world-readable:
[2018-05-15 18:42:05.873906] -rw-r--r-- 1 nagios nagios 19829 Mai 15 18:35 /var/log/nagios/nagios.log
Comment 1 Felix Botner univentionstaff 2018-05-16 10:25:05 CEST 
This is an actual bug, in 4.2 the /var/log/nagios3/nagios.log has 644. During the update to 4.3 we create the new log file with proper permissions

create_logfile /var/log/nagios/nagios.log "nagios:nagios" 640

but after that mv the old file to new new localtion, including the old permissions.

FIX: 

call create_logfile after the "move" stuff

univention-nagios dc42190d4efb170e626b79d624c528a33e12f99a
yaml 6773337d4ed0588a7681df090270ebc6eebe0436
Comment 2 Erik Damrose univentionstaff 2018-05-23 14:46:59 CEST 
OK: create and set logfile permission after other manipulations in univention-nagios-server.postinst, fixing permissions.
OK: yaml
Verified
Comment 3 Erik Damrose univentionstaff 2018-06-06 16:16:31 CEST 
<http://errata.software-univention.de/ucs/4.3/101.html>
First Last Prev Next    This bug is not in your last search results.