ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

File permissions danger

https://mail.forum.configserver.com/viewtopic.php?t=7065

Page 1 of 1

File permissions danger

Posted: 18 Oct 2013, 16:24
by eldergeek
cxsWatch, in particular /etc/cxs/cxswatch.sh ignores the --logfile parameter so I can't put this logfile anywhere safe.

The result is that it always logs into /var/log/cxswatch.log

If the file is deleted, and the service restarted, it creates the file chmod 644. As /var/log/ is readable by all, isn't this a security issue? As a standard user of a centos machine running cpanel, I can view this file and see entries pertaining to other users file activities, which makes for easy pickings for anyone trying to mount a symlink attack.

Re: File permissions danger

Posted: 18 Oct 2013, 21:03
by ForumAdmin
Thank you for the suggestion, we'll include something in the next release. In the meantime you can chmod the log file and add the following to the /etc/logrotate.d/cxswatch configuration file:

Code: Select all

create 0600 root root

Re: File permissions danger

Posted: 22 Oct 2013, 09:51
by ForumAdmin
This has now been implemented in v3.25:
http://blog.configserver.com/?p=2078
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited