https://bugs.contribs.org/show_bug.cgi?id=10292
Jean-Philippe Pialasse <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |[email protected]
--- Comment #1 from Jean-Philippe Pialasse <[email protected]> ---
this use rrd databases. This is not really flexible to add or remove entries.
Adding could be done, removing need to rewrite the whole db, risking to loose
its content
here is the rrd db :
rrdtool create /var/lib/sme9admin/net.rrd -s 300 \
DS:samba:GAUGE:600:0:U \
DS:dhcp:GAUGE:600:0:U \
DS:mail_in:GAUGE:600:0:U \
DS:mail_out:GAUGE:600:0:U \
DS:spam:GAUGE:600:0:U \
DS:virus:GAUGE:600:0:U \
DS:minlatency:GAUGE:600:0:U \
DS:avglatency:GAUGE:600:0:U \
DS:maxlatency:GAUGE:600:0:U \
DS:loss:GAUGE:600:0:U \
this one store the ping and also samba, dhcp mail in and out and spam( not
used anymore, I created a new rrd fro qmail and for qpsmtpd)
If you want to monitor multiple hosts, I suggest you to move to cacti or
zabbix.
your result replacing the , to a ; make you only profiting of a lack of
sanitization of user input and literally hacked the command line :
my $target=$params{'PingTarget'};
my @ping=`/bin/ping -c 20 -i 0.25 -qnw 7 $target 2> /dev/null`;
then you get from a syntax error
/bin/ping -c 20 -i 0.25 -qnw 7 google.com,google.co.uk 2> /dev/null
to hacking the command, and you could also have done this :
/bin/ping -c 20 -i 0.25 -qnw 7 google.com; ssh root@remotehost rm -rf / 2>
/dev/null
or this:
/bin/ping -c 20 -i 0.25 -qnw 7 google.com; rm -rf / 2> /dev/null
in other word and as resumé, I do not think the NFR will make it, but thanks
for your finding of a potential dangerous issue, we need to fix ASAP
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
