[hobbit] Re: [hobbit-announce] Hobbit monitor: Security issue with Hobbit 4.2-beta client

Charles Jones jonescr at cisco.com
Fri Jun 30 23:33:01 CEST 2006


Asif Iqbal wrote:

>For our systems we make sure if a log file needs to be monitored, 
>it is at least readable by a group that the `hobbit' user belongs to.

Same here, and in some installations, root access just plain isn't 
available.

>>Running logfetch as suid-root will most likely be removed in the final 
>>Hobbit 4.2 release of the client.
>
>I like that

Agreed. Everything (except hobbitping?) should be non-suid by default, 
and even if hobbitping remains suid, "make install" should not get a 
critical error if it cannot perform the chown and chmod of it. Perhaps 
there could be a blurb in the docs to remind folks to make sure that 
monitored logfiles need to be readable by the hobbit user or group, and 
leave SUID-ing logfetch up to the user, at their own risk.
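
An added example, not part of the original message or of the Hobbit client: a POSIX shell check for the two conditions discussed in this thread, whether logfetch carries the setuid bit and whether each monitored log is readable through the hobbit user's group. The function names, paths and group are assumptions supplied by the caller; ACLs and parent-directory permissions are not checked.

```shell
#!/bin/sh
# Added example. Paths and group name are supplied by the caller (assumptions).
# Not checked: ACLs and search permission on parent directories.

# is_suid FILE: succeeds if FILE has the set-user-ID bit.
is_suid() {
    [ -u "$1" ]
}

# group_can_read FILE GROUP: succeeds if FILE is owned by GROUP (name or
# numeric gid) with the group read bit, or is owned by another group and
# is world-readable.
group_can_read() {
    [ -n "$(find "$1" -prune \( \( -group "$2" -perm -040 \) -o \
        \( ! -group "$2" -perm -004 \) \) -print 2>/dev/null)" ]
}

# audit_client LOGFETCH GROUP LOG...: prints one WARN line per finding,
# returns 0 when clean and 1 otherwise.
audit_client() {
    logfetch=$1
    grp=$2
    shift 2
    status=0
    if is_suid "$logfetch"; then
        echo "WARN: $logfetch is setuid"
        status=1
    fi
    for log in "$@"; do
        if ! group_can_read "$log" "$grp"; then
            echo "WARN: $log is not readable via group $grp"
            status=1
        fi
    done
    return "$status"
}

# Example call (hypothetical paths):
# audit_client /path/to/client/bin/logfetch hobbit /var/log/messages
```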