Date: Mon, 27 Oct 2014 17:28:55 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 194636] New: net-mgmt/icinga2: serious security issue with ido-pgsql.conf/ido-mysql.conf Message-ID: <bug-194636-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194636 Bug ID: 194636 Summary: net-mgmt/icinga2: serious security issue with ido-pgsql.conf/ido-mysql.conf Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: ohartman@zedat.fu-berlin.de CC: lme@FreeBSD.org CC: lme@FreeBSD.org Port net-mgmt/icinga2 provides gathering of status and monitoring informations via IDO in an appropriate DB backend, prefereably PostgreSQL or MySQL. For accessing the proper database, the module-configuration file has to be edited manually to match the correct login/database credetilas. This means one has to put the login and password for the DB access in /usr/local/etc/icinga2/feature-avalable/ido-pgsql.conf (or ido-mysql.conf, if MySQL backend is preferred). The access mode for all files is set to octal 644, so world has read access to the content. This is considered a security issue. I was able to prevent the file from being read by strangers by setting all access bits to 640 octal and change the group to "icinga" - which is the standard icinga user created when installing the port net-mgmt/icinga2 and under which ID the icinga2 daemon is running. --- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> --- Maintainers CC'd -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-194636-13>