[Xymon] XyMon client binaries default security is bad

Jeremy Laidman jlaidman at rebel-it.com.au
Thu Mar 7 06:49:29 CET 2013


On 2 March 2013 06:44, Larry Barber <lebarber at gmail.com> wrote:

> It could allow bogus reports to be sent to the Xymon server, maybe hiding
> something malicious.
>

I can do that using telnet, or in the absence of telnet, I can use bash.
The binaries make it slightly more convenient, that's all.


> Also, a lot of security scans will pick up on things that are world
> executable and not in one of the standard directories (like /usr/bin, /bin,
> etc.).
>

Really!  Why?  I've never seen this, except when the script is also
world-writeable.  What security scanner(s) are you referring to?

Lots of users write their own scripts and keep them in their home
directories.  Sysadmins write scripts like this all the time.  I'm not sure
this is a useful security stance.

J
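
Added example, not part of the original message or the Xymon project: a shell check that separates the two cases discussed in this thread, files that are world-executable outside the standard directories and files that are also world-writable. The function names, the HIGH/INFO labels and the inclusion of /sbin and /usr/sbin in the skip list are assumptions.

```shell
#!/bin/sh
# Added example. Labels and function names are hypothetical.
#   HIGH = executable AND writable by "other": any local user can replace
#          the contents, so whoever runs the file runs their code.
#   INFO = executable by "other" only: normal for user and admin scripts.

# scan LABEL ROOT PERM-TESTS...
# Print "LABEL path" for regular files under ROOT matching the find(1)
# permission tests, skipping the standard binary directories
# (/bin and /usr/bin from the thread; the sbin pair is an assumption).
scan() {
    label=$1
    root=$2
    shift 2
    find "$root" -xdev -type f "$@" \
        ! -path '/bin/*'  ! -path '/usr/bin/*' \
        ! -path '/sbin/*' ! -path '/usr/sbin/*' \
        -exec printf "$label %s\n" {} +
}

# audit_world_exec ROOT
# -perm -0003 : both o+w and o+x are set
# -perm -0001 ! -perm -0002 : o+x set, o+w clear
audit_world_exec() {
    scan HIGH "$1" -perm -0003
    scan INFO "$1" -perm -0001 ! -perm -0002
}

# Stand-alone use: sh audit.sh /path/to/xymon/client
if [ "$#" -gt 0 ]; then
    audit_world_exec "$1"
fi
```

Only the HIGH lines indicate files an unprivileged user could modify; INFO lines are an inventory to review against what is expected on the host.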