Date: Thu, 21 Nov 2013 13:51:43 GMT From: Kozlov Sergey <kozlov.sergey.404@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/184143: [patch] secyrity/lynis incorrect permissions for data files Message-ID: <201311211351.rALDphQo060835@oldred.freebsd.org> Resent-Message-ID: <201311211400.rALE00RJ082558@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 184143 >Category: ports >Synopsis: [patch] secyrity/lynis incorrect permissions for data files >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Nov 21 14:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Kozlov Sergey >Release: 9.1-RELEASE-p7 >Organization: ARC >Environment: FreeBSD sonya 9.1-RELEASE-p7 FreeBSD 9.1-RELEASE-p7 #4: Tue Sep 10 18:39:35 EEST 2013 root@sonya:/usr/obj/usr/src/sys/GENERIC amd64 >Description: New version of lynis demands strict permissions on %%DATADIR%%/include/tests_* files, no more than 0600, but the port installs the files with mode 0444. When the lynis is called with the files with bad permissions, all of them are skipped: root# lynis -c -Q .. [+] General ------------------------------------ - Running test category storage... [ SKIPPED ] [+] General ------------------------------------ - Running test category storage_nfs... [ SKIPPED ] .. - [15:37:27] Warning: Invalid permissions on tests file tests_storage [test:NONE] [impact:H] - [15:37:27] Warning: Invalid permissions on tests file tests_storage_nfs [test:NONE] [impact:H] .. >How-To-Repeat: Install the lynis-1.3.5, call root# lynis -c -Q >Fix: Correct the pkg-plist so the package files will be installed with the correct modes Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 334484) +++ Makefile (working copy) @@ -3,6 +3,7 @@ PORTNAME= lynis PORTVERSION= 1.3.5 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://cisofy.com/files/ Index: pkg-plist =================================================================== --- pkg-plist (revision 334484) +++ pkg-plist (working copy) @@ -22,6 +22,7 @@ %%DATADIR%%/include/parameters %%DATADIR%%/include/profiles %%DATADIR%%/include/report +@mode 0400 %%DATADIR%%/include/tests_accounting %%DATADIR%%/include/tests_authentication %%DATADIR%%/include/tests_banners @@ -63,6 +64,7 @@ %%DATADIR%%/include/tests_tooling %%DATADIR%%/include/tests_virtualization %%DATADIR%%/include/tests_webservers +@mode @dirrm %%DATADIR%%/include @dirrm %%DATADIR%%/dev/openbsd @dirrm %%DATADIR%%/dev >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201311211351.rALDphQo060835>