[Bug 194636] New: net-mgmt/icinga2: serious security issue with ido-pgsql.conf/ido-mysql.conf

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Oct 27 17:28:56 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194636

            Bug ID: 194636
           Summary: net-mgmt/icinga2: serious security issue with
                    ido-pgsql.conf/ido-mysql.conf
           Product: Ports Tree
           Version: Latest
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: ohartman at zedat.fu-berlin.de
                CC: lme at FreeBSD.org
                CC: lme at FreeBSD.org

Port net-mgmt/icinga2 provides gathering of status and monitoring informations
via IDO in an appropriate DB backend, prefereably PostgreSQL or MySQL. For
accessing the proper database, the module-configuration file has to be edited
manually to match the correct login/database credetilas. This means one has to
put the login and password for the DB access in
/usr/local/etc/icinga2/feature-avalable/ido-pgsql.conf (or ido-mysql.conf, if
MySQL backend is preferred).

The access mode for all files is set to octal 644, so world has read access to
the content. This is considered a security issue. I was able to prevent the
file from being read by strangers by setting all access bits to 640 octal and
change the group to "icinga" - which is the standard icinga user created when
installing the port net-mgmt/icinga2 and under which ID the icinga2 daemon is
running.

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Maintainers CC'd

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-ports-bugs mailing list