[Bug 194636] New: net-mgmt/icinga2: serious security issue with ido-pgsql.conf/ido-mysql.conf
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Oct 27 17:28:56 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194636
Bug ID: 194636
Summary: net-mgmt/icinga2: serious security issue with
ido-pgsql.conf/ido-mysql.conf
Product: Ports Tree
Version: Latest
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: ohartman at zedat.fu-berlin.de
CC: lme at FreeBSD.org
CC: lme at FreeBSD.org
Port net-mgmt/icinga2 provides gathering of status and monitoring informations
via IDO in an appropriate DB backend, prefereably PostgreSQL or MySQL. For
accessing the proper database, the module-configuration file has to be edited
manually to match the correct login/database credetilas. This means one has to
put the login and password for the DB access in
/usr/local/etc/icinga2/feature-avalable/ido-pgsql.conf (or ido-mysql.conf, if
MySQL backend is preferred).
The access mode for all files is set to octal 644, so world has read access to
the content. This is considered a security issue. I was able to prevent the
file from being read by strangers by setting all access bits to 640 octal and
change the group to "icinga" - which is the standard icinga user created when
installing the port net-mgmt/icinga2 and under which ID the icinga2 daemon is
running.
--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Maintainers CC'd
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list