[Openvas-discuss] openvas8 packaging bugs on atomic repo

Eero Volotinen eero.volotinen at iki.fi
Sat Aug 1 19:18:36 CEST 2015


Yes, and there are possibly some others with incorrect permissions, like
(don't know how to verify, but...)

ls -l /usr/share/openvas/openvasmd/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/generate

-rwxr-xr--. 1 root root 1050 May 11 13:52 /usr/share/openvas/openvasmd/global_schema_formats/02052818-dab6-11df-9be4-002264764cea/generate


--

Eero

2015-08-01 20:12 GMT+03:00 Kent Fritz <KFritz at shoretel.com>:

> There are a couple of “alert” scripts that have the wrong permissions as
> well.  I don’t know the impact, or whether the code tries to setuid to
> “nobody” before running these – perhaps someone familiar with these can
> comment.  In my case, I applied the attached patch to the openvas-manager
> source before building.
>
>
>
>
>
> *From:* Openvas-discuss [mailto:
> openvas-discuss-bounces at wald.intevation.org] *On Behalf Of *Eero Volotinen
> *Sent:* Saturday, August 01, 2015 9:45 AM
> *To:* michael.wiegand at greenbone.net; openvas-discuss at wald.intevation.org;
> scott at atomicorp.com; support at atomicorp.com
> *Subject:* [Openvas-discuss] openvas8 packaging bugs on atomic repo
>
>
>
> Hi Scott,
>
>
>
> There are two bugs in the openvas 8 package in the atomic repo. They mainly render
> openvas unworkable on default settings.
>
>
>
> 1 - bad permissions on generate scripts on openvas manager (see patch 1)
>
> 2 - incorrect configuration in redis-server configuration (see patch 2)
>
>
>
> Please fix both.
>
>
>
> See the following patches:
>
>
>
> 1)
>
>
>
>
>
> --- openvas-manager-art.spec.old            2015-08-01 19:23:48.512280936
> +0300
>
> +++ openvas-manager-art.spec                2015-08-01 19:43:17.011535629
> +0300
>
> @@ -1,7 +1,7 @@
>
>  Summary: The Open Vulnerability Assessment (OpenVAS) Manager
>
>  Name:    openvas-manager
>
>  Version: 6.0.4
>
> -Release: 31.art
>
> +Release: 32.art
>
>  Source0: %{name}-%{version}.tar.gz
>
>  Source1: openvasmd-init.sh
>
>  Source2: openvas-manager.sysconfig
>
> @@ -216,6 +216,7 @@
>
>
>
>  %if 0%{?rhel} >= 7 || 0%{?fedora} > 15
>
>  %post
>
> +chmod 755 /usr/share/openvas/openvasmd/global_report_formats/*/generate
>
>  %systemd_post %{name}.service
>
>
>
>  %preun
>
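Review bot: the chmod added to %post corrects the mode after installation rather than in the packaged payload, and it sits only inside the %if 0%{?rhel} >= 7 || 0%{?fedora} > 15 branch; any %post for the other branch of that conditional is not visible here and would need the same line. Setting the mode where the files are packaged (for example %attr(755,root,root) in %files, or a chmod in %install) keeps the RPM database and rpm -V consistent with what ends up on disk. The glob also covers only global_report_formats/*/generate, while the listing at the top of this thread shows global_schema_formats/.../generate with -rwxr-xr--, so that directory needs the same treatment.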
> @@ -282,8 +283,10 @@
>
>
>
>
>
>
>
> -
>
>  %changelog
>
> +* Sat Aug 1 2015 Eero Volotinen <eero.volotinen at iki.fi> - 6.0.4-32
>
> +- fix permissions on generate scripts
>
> +
>
>  * Mon Jul 13 2015 Scott R. Shinn <scott at atomicorp.com> - 6.0.4-31
>
>  - Update to 6.0.4
>
>
>
>
>
>
>
> 2)
>
>
>
> --- redis.conf           2015-08-01 19:40:48.402104546 +0300
>
> +++ redis.conf.eero  2015-08-01 19:40:35.774407524 +0300
>
> @@ -67,8 +67,8 @@
>
>  # incoming connections. There is no default, so Redis will not listen
>
>  # on a unix socket when not specified.
>
>  #
>
> -# unixsocket /tmp/redis.sock
>
> -# unixsocketperm 700
>
> + unixsocket /tmp/redis.sock
>
> + unixsocketperm 700
>
>
>
>  # Close the connection after a client is idle for N seconds (0 to disable)
>
>  timeout 0
>
>
>
>
>
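Review bot: the two added lines place the Redis socket at /tmp/redis.sock, a fixed name in a world-writable directory, and unixsocketperm 700 restricts connections to the socket's owner (and root), so the client has to run as one of those for this to work. A socket in a directory owned by the redis user, with the client side pointed at the same path, avoids depending on /tmp. The uncommented lines also keep a leading space ("+ unixsocket ..."), which is worth dropping so they line up with the other directives such as "timeout 0".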
> br,
>
> --
>
> Eero
>
>
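Added example (not part of the original thread, and not code from OpenVAS or the Atomic packages): one way to verify the permission problem discussed above is to list every generate script whose mode lacks read or execute for "other", which is the bit missing from the -rwxr-xr-- listing. The function names, the sample tree and its directory names are constructed for illustration; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit helper scripts under an openvasmd data tree for
# permissions that stop an unprivileged user from running them.
# Assumption: the scripts may be run by a user that is neither the owner nor
# in the owning group, so the "other" read and execute bits matter.

# Print "MODE OWNER:GROUP PATH" for every regular file called $2
# (default: generate) under $1 that lacks o+r or o+x.
# Returns 0 if the tree is clean, 1 if offenders exist, 2 on a bad root.
audit_script_perms() {
    root=$1
    name=${2:-generate}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -perm -005 matches files with both o+r and o+x; negate to find the rest.
    offenders=$(find "$root" -type f -name "$name" ! -perm -005 \
        -exec stat -c '%a %U:%G %n' {} + | sort)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Constructed sample tree: one script with the mode from the listing above
# (754) and one with the mode the spec patch sets (755).
# The directory names aaaa and bbbb are made up.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/global_schema_formats/aaaa" "$t/global_report_formats/bbbb"
    printf '#!/bin/sh\n' > "$t/global_schema_formats/aaaa/generate"
    printf '#!/bin/sh\n' > "$t/global_report_formats/bbbb/generate"
    chmod 754 "$t/global_schema_formats/aaaa/generate"
    chmod 755 "$t/global_report_formats/bbbb/generate"
    echo "$t"
}
```

On an installed system the call would be audit_script_perms /usr/share/openvas/openvasmd; a non-zero exit status makes it usable as a post-install or CI check.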