File permissions danger

3 posts Page 1 of 1
eldergeek
Junior Member
Posts: 26
Joined: 18 Mar 2010, 07:25


cxsWatch, in particular /etc/cxs/cxswatch.sh, ignores the --logfile parameter so I can't put this logfile anywhere safe.

The result is that it always logs into /var/log/cxswatch.log

If the file is deleted, and the service restarted, it creates the file chmod 644. As /var/log/ is readable by all, isn't this a security issue? As a standard user of a CentOS machine running cPanel, I can view this file and see entries pertaining to other users' file activities, which makes for easy pickings for anyone trying to mount a symlink attack.
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


Thank you for the suggestion, we'll include something in the next release. In the meantime you can chmod the log file and add the following to the /etc/logrotate.d/cxswatch configuration file:
create 0600 root root
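
The two-part workaround above (chmod the log, add a create line to logrotate) can be checked with a small audit script. This is an added example, not part of the thread and not ConfigServer code; the function names are hypothetical, and the paths in the usage comment are the ones named in the posts.

```shell
#!/bin/sh
# Added example, not ConfigServer code. Function names are hypothetical.

# mode_is_private FILE: succeed only if FILE exists and grants nothing to
# group or other (characters 5-10 of the ls mode string are all "-").
mode_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null) || return 2
    case "$perms" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# rotate_create_mode CONF: print the mode of the last uncommented
# "create MODE [owner group]" directive in a logrotate file, if any.
rotate_create_mode() {
    awk '$1 == "create" && $2 ~ /^[0-7]+$/ { m = $2 }
         END { if (m != "") print m }' "$1" 2>/dev/null
}

# rotate_is_private CONF: succeed if that mode ends in 00 (owner-only).
rotate_is_private() {
    m=$(rotate_create_mode "$1") || return 1
    case "$m" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_cxswatch LOG CONF: report both checks, return non-zero on any failure.
audit_cxswatch() {
    rc=0
    if mode_is_private "$1"; then
        echo "OK   $1 grants nothing to group/other"
    else
        echo "FAIL $1 is missing or readable beyond its owner (chmod 600 $1)"
        rc=1
    fi
    if rotate_is_private "$2"; then
        echo "OK   $2 recreates the log with mode $(rotate_create_mode "$2")"
    else
        echo "FAIL $2 has no owner-only create line (create 0600 root root)"
        rc=1
    fi
    return $rc
}

# Run as: sh audit.sh /var/log/cxswatch.log /etc/logrotate.d/cxswatch
if [ "$#" -eq 2 ]; then audit_cxswatch "$1" "$2"; fi
```

Checking both halves matters because a chmod on the existing file says nothing about the mode the next rotation will create it with.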
ForumAdmin
Moderator
Posts: 1433
Joined: 01 Oct 2008, 09:24


This has now been implemented in v3.25:
http://blog.configserver.com/?p=2078