-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
keystore
directory is granting read/execution permissions to user group/others
#2854
Comments
keystore
directory is granting read/execution permissions to group/otherskeystore
directory is granting read/execution permissions to user group/others
Hi @rauldpm [root@05a3e797059b /]# ls -ld /var/ossec/queue/keystore/
drwxr-x--- 2 wazuh wazuh 4096 Feb 27 14:51 /var/ossec/queue/keystore/
[root@05a3e797059b /]# /var/ossec/bin/wazuh-keystore -f indexer -k username -v admin
[root@05a3e797059b /]# ls -l /var/ossec/queue/keystore/
total 144
-rw-r--r-- 1 root root 1307 Feb 26 22:16 000012.sst
-rw-r--r-- 1 root root 0 Feb 27 14:51 000015.log
-rw-r--r-- 1 root root 1307 Feb 27 14:51 000023.sst
-rw-r--r-- 1 root root 16 Feb 27 14:51 CURRENT
-rw-r--r-- 1 root root 36 Feb 26 22:16 IDENTITY
-rw-r--r-- 1 root root 0 Feb 26 22:16 LOCK
-rw-r--r-- 1 root root 54733 Feb 27 14:51 LOG
-rw-r--r-- 1 root root 44832 Feb 26 22:16 LOG.old.1709045504859047
-rw-r--r-- 1 root root 420 Feb 27 14:51 MANIFEST-000016
-rw-r--r-- 1 root root 11473 Feb 27 14:51 OPTIONS-000020
-rw-r--r-- 1 root root 11474 Feb 27 14:51 OPTIONS-000022
[root@05a3e797059b /]# ls -ld /var/ossec/queue/keystore/
drwxr-x--- 2 wazuh wazuh 4096 Feb 27 19:07 /var/ossec/queue/keystore/
You can also access the generated package to perform this test. Is there a process that has been run after the installation? |
@rauldpm, we have not been able to reproduce the behavior described in this issue. If no further steps are provided to reproduce it, we will close this issue as "not planned". |
@tdrauncieal No, I just installed the 4.8.0 Beta 2 package in a CentOS 7 Vagrant box ( |
Description
Reviewing the 4.8.0 Beta 2 changelog, the following pull request has been found: #2804, this pull request mentions RPM and DEB system in the pull request name, but the changes only modify the RPM package.
While reviewing and comparing the Wazuh manager RPM package, it has been found that it set different permissions than the DEB package in the
/var/ossec/keystore/
directoryWe should review those permissions and check if they are correct since a
read
permission is being granted touser group
andexecution
permission is being granted toothers
, which could lead to a security risk.The text was updated successfully, but these errors were encountered: