[Xymon] XyMon client binaries default security is bad

Larry Barber lebarber at gmail.com
Fri Mar 1 20:44:26 CET 2013


It could allow bogus reports to be sent to the Xymon server, maybe hiding
something malicious.

Also, a lot of security scans will pick up on things that are world
executable and not in one of the standard directories (like /usr/bin, /bin,
etc.).

Thanks,
Larry Barber

On Thu, Feb 28, 2013 at 9:37 PM, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:

> What's wrong with non-xymon users executing these commands?  What harm
> could it do?
>
>
> On 1 March 2013 08:59, Andrey Chervonets <a.chervonets at cominder.eu> wrote:
>
>> Upgraded XyMon (client) to 4.3.10 (the same was at least in 4.3.5) and
>> noticed all files in bin have read and execute privileges for everyone:
>>
>> ls -l client/bin/
>> total 1840
>> -rwxr-xr-x  1 xymon monitor 161079 Feb 28 21:08 clientupdate
>> -rwxr-xr-x  1 xymon monitor 200250 Feb 28 21:08 logfetch
>> -rwxr-xr-x  1 xymon monitor 151256 Feb 28 21:08 msgcache
>> -rwxr-xr-x  1 xymon monitor 153905 Feb 28 21:08 orcaxymon
>> -rwxr-xr-x  1 xymon monitor 156173 Feb 28 21:08 xymon
>> -rwxr-xr-x  1 xymon monitor 133445 Feb 28 21:08 xymoncfg
>> ....
>>
>> I suppose it depends on the umask setting during installation, but I would
>> be happier if the installation process set up a more secure configuration
>> regardless of default settings.
>> At least:  -rwxr-x---
>>
>>
>>
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>
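
As an added example (not part of the thread and not Xymon's installer code): POSIX shell functions that find files in a directory granting any permission to "other" and strip those bits, which turns the `-rwxr-xr-x` files in the listing into the `-rwxr-x---` proposed in the original post. The function names and the temporary demo directory are assumptions made for illustration; mode 0750 only works when the account running the client owns the files or belongs to their group.

```shell
#!/bin/sh
# Added example, not Xymon's own installer code.
# Assumption: the client binaries sit in one directory (client/bin in the post)
# and the account that runs them is the file owner or in the file's group.

# List regular files in directory $1 that grant any access to "other".
audit_other_bits() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Remove all "other" permissions from those files (0755 becomes 0750).
tighten_other_bits() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec chmod o-rwx {} +
}

# Symbolic mode string of one file, e.g. -rwxr-x---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Constructed demo: recreate the 0755 files from the post in a temp directory.
demo() {
    dir=$(mktemp -d) || return 1
    for f in clientupdate logfetch msgcache orcaxymon xymon xymoncfg; do
        : > "$dir/$f"
        chmod 755 "$dir/$f"
    done
    echo "before: $(audit_other_bits "$dir" | wc -l) files open to other"
    tighten_other_bits "$dir"
    echo "after:  $(audit_other_bits "$dir" | wc -l) files open to other"
    mode_of "$dir/xymon"
    rm -rf "$dir"
}

# With a directory argument: read-only audit of it. Without: run the demo.
if [ $# -gt 0 ]; then
    audit_other_bits "$1"
else
    demo
fi
```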