FreeBSD Port: bacula-server-1.38.5_1
Pawel Zakiewicz
pawel.zakiewicz at thebunker.net
Tue Feb 7 03:11:56 PST 2006
Hi,
There is a possible security issue in the default Bacula
configuration, as one of their initialization scripts
creates a MySQL database user with no password, enabled
to connect from everywhere, with all permissions to
the bacula database.
There is some info in the Bacula docs, that "If you need
more security, please assign a password to the root
user and to bacula." but, in my opinion, the real problem
is allowing connections from everywhere by default...
Bacula can operate with a localhost connection only,
as long as it is installed on the same box as MySQL;
for other cases, a specific hostname should be provided.
It may be fixed in the following way:
--- src/cats/grant_mysql_privileges.in Sat May 1 22:10:17 2004
+++ src/cats/grant_mysql_privileges.in.patched Tue Feb 7 11:04:57 2006
@@ -4,11 +4,14 @@
#
USER=bacula
bindir=@SQL_BINDIR@
+HOST=`hostname`
+
+echo ${HOST}
if $bindir/mysql $* -u root -f <<END-OF-DATA
use mysql
grant all privileges on bacula.* to ${USER}@localhost;
-grant all privileges on bacula.* to ${USER}@"%";
+grant all privileges on bacula.* to ${USER}@"${HOST}";
select * from user;
flush privileges;
END-OF-DATA
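Review bot: The new grant to ${USER}@"${HOST}" takes HOST from `hostname` on the machine that runs the script, which is not necessarily the host the Bacula daemons connect from, and may be a short name where MySQL matches the account against a different form of the client's name. Consider letting the caller pass the host in (for example from the environment, defaulting to localhost only) rather than deriving it. The added `echo ${HOST}` line looks like leftover debug output and can be dropped. Neither grant statement sets a password, so the no-password account described in the message is still created; only the wildcard "%" host is removed.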
Cheers,
Pawel
--
Pawel Zakiewicz Tel: +44 (1304) 814800
The Bunker Fax: +44 (1304) 814899
Ash Radar Station http://www.thebunker.net
Marshborough Rd mailto:pawel.zakiewicz at thebunker.net
Sandwich
Kent
CT13 OPL
UNITED KINGDOM