Your message dated Wed, 26 Jan 2011 08:38:49 +0000
with message-id <[email protected]>
and subject line Bug#568641: fixed in ntop 3:4.0.3+dfsg1-2
has caused the Debian Bug report #568641,
regarding ntop: access.log is writeable by everyone
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
568641: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568641
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ntop
Version: 3:3.3-11+b2
Severity: normal
Tags: patch, security
/var/log/access.log is writeable by everyone. The following would fix that:
--- postinst 2008-08-06 17:55:17.000000000 +0200
+++ postinst.new 2010-02-06 14:07:59.000000000 +0100
@@ -35,14 +35,17 @@
adduser --system --group --home /var/lib/ntop $USER
fi
- # make status dir owned by user
if grep -q ^$USER: /etc/passwd; then
+ # make status dir owned by user
chown -Rf $USER /var/lib/ntop
- chown -Rf $USER /var/log/ntop
+ # make log dir owned by user and group
+ chown -Rf $USER: /var/log/ntop
fi
fi
-chmod o-rx /var/lib/ntop
+chmod o= /var/lib/ntop
+# content of log dir inherits group permission
+chmod g+s,o= /var/log/ntop
echo USER=\"$USER\" > $INITCFG
echo INTERFACES=\"$INTERFACES\" >> $INITCFG
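Review bot: The added "chmod g+s,o= /var/log/ntop" at the end of the hunk is not recursive, so it changes only the directory's mode. An access.log that already exists keeps the world-writable mode it was created with and is protected only by the missing search bit on its parent directory. Consider also clearing other-write on the files already present, for example "chmod -R o-w /var/log/ntop", or setting the mode where the log file is created. Two smaller points: the comment "content of log dir inherits group permission" is inaccurate, since the setgid bit makes new files inherit the directory's group, not its permissions; and $USER is unquoted in "chown -Rf $USER: /var/log/ntop" and in the "grep -q ^$USER:" test, so quoting it would avoid word splitting on an unexpected value.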
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages ntop depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2. 1.5.24 Debian configuration management sy
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libfontconfig1 2.6.0-3 generic font configuration library
ii libfreetype6 2.3.7-2+lenny1 FreeType 2 font engine, shared lib
ii libgdbm3 1.8.3-3 GNU dbm database routines (runtime
ii libglib2.0-0 2.16.6-3 The GLib library of C routines
ii libpango1.0-0 1.20.5-5 Layout and rendering of internatio
ii libpcap0.8 0.9.8-5 system interface for user-level pa
ii libpixman-1-0 0.10.0-2 pixel-manipulation library for X a
ii libpng12-0 1.2.27-2+lenny2 PNG library - runtime
ii librrd4 1.3.1-4 Time-series data storage and displ
ii libssl0.9.8 0.9.8g-15+lenny6 SSL shared libraries
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxcb-render-util0 0.2.1+git1-1 utility libraries for X C Binding
ii libxcb-render0 1.1-1.2 X C Binding, render extension
ii libxcb1 1.1-1.2 X C Binding
ii libxml2 2.6.32.dfsg-5+lenny1 GNOME XML library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
ntop recommends no packages.
Versions of packages ntop suggests:
ii graphviz 2.20.2-3 rich set of graph drawing tools
ii gsfonts 1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
-- debconf information:
* ntop/interfaces: eth0
* ntop/user: ntop
--- End Message ---
--- Begin Message ---
Source: ntop
Source-Version: 3:4.0.3+dfsg1-2
We believe that the bug you reported is fixed in the latest version of
ntop, which is due to be installed in the Debian FTP archive:
ntop-data_4.0.3+dfsg1-2_all.deb
to main/n/ntop/ntop-data_4.0.3+dfsg1-2_all.deb
ntop_4.0.3+dfsg1-2.debian.tar.gz
to main/n/ntop/ntop_4.0.3+dfsg1-2.debian.tar.gz
ntop_4.0.3+dfsg1-2.dsc
to main/n/ntop/ntop_4.0.3+dfsg1-2.dsc
ntop_4.0.3+dfsg1-2_amd64.deb
to main/n/ntop/ntop_4.0.3+dfsg1-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovico Cavedon <[email protected]> (supplier of updated ntop package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 25 Jan 2011 23:39:56 -0800
Source: ntop
Binary: ntop ntop-data
Architecture: source amd64 all
Version: 3:4.0.3+dfsg1-2
Distribution: unstable
Urgency: low
Maintainer: Jordan Metzmeier <[email protected]>
Changed-By: Ludovico Cavedon <[email protected]>
Description:
ntop - display network usage in web browser
ntop-data - display network usage in a web browser (data files)
Closes: 466506 520319 568626 568641 607580 607637 609070
Changes:
ntop (3:4.0.3+dfsg1-2) unstable; urgency=low
.
[ Ludovico Cavedon ]
* Rename maintainer scripts including the package name.
* Remove misplaced ru.po file.
* Add Vcs-* headers.
* Do not call netstat, but read interface list from /proc (Closes: #607637).
* Use "set -e" in maintainer scripts (see lintian warning
maintainer-script-without-set-e).
* Fix bug in check_interfaces() config function.
* ntop.default: avoid prerm failure if package has never been fully
configured.
* Prevent config script failure if password is not asked (Closes: #607580).
* Cleanup postrm script, thanks to J.M.Roth (Closes: #568626):
- do not delete user (might be shared)
- no need to remove /etc/ntop
- wrap db_purge in a debconf availability check
- re-indent
* Add hostname-in-man-description.patch by A. Costa in order to add
hostname:port in the description section of the man page
(Closes: #466506).
* Remove init.cfg from source package, as it is generated by postinst.
* Handle interface "none", merged patch from Jason Healy (Closes: #520319).
* Add dependency on net-tools, needed by the init script.
* Make sure /var/log/ntop is not world readable and set group to adm. Thanks
to J.M.Roth (Closes: #568641).
* Set random admin password if no password has ever been set
and it is not possible to ask the user (LP: #355127).
* Suggest geoip-database-contrib and add symlinks to its files.
Explained in README.Debian.
* Fix permissions in /var/lib/ntop (LP: #138682). Set sticky bit on
/var/lib/ntop, so ntop user cannot change init.cfg, but can create
subdirectories.
* Disable DNS resolution as it makes ntop unstable.
* Fix detection of not-active interfaces in ntop.init (LP: #231024).
* Update po files.
.
[ Jordan Metzmeier ]
* Set password in postinst instead of config (Closes: #609070)
* Add prompt to reset password if it is already set.
* Update debconf template thanks to reviews by Christian Perrier and
Justin B Rye.
.
[ Daniel Baumann ]
* Correct chown calls in ntop.postinst to not fail upon initial installation
when the respective files are not yet present on the system.
--- End Message ---