Package: tiger
Version: 1:3.2.3-4
Severity: normal

Dear Maintainer,

I installed tiger on one of my servers 2 weeks ago (not the system I'm reporting from). It's running with Debian Squeeze. Last night I got an email from it, complaining:

# Performing common access checks for root...
--FAIL-- [netw018f] Administrative user backup allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user ftp allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user gkrellmd allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user gnats allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user irc allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user libuuid allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user list allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user logcheck allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user mysql allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user ntp allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user operator allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user postfix allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user proxy allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user sshd allowed access in /etc/ftpusers
--FAIL-- [netw018f] Administrative user www-data allowed access in /etc/ftpusers

The problem is, traditionally this file is used to list users which aren't allowed to login with ftp. See ftpusers(5) on the net (looks like Debian doesn't deliver this manpage). This means the check makes wrong assumptions and produces false positives in this case.

The ftpd used on my server is vsftpd, an ftp server which will install /etc/ftpusers. It also installs /etc/pam.d/vsftpd and defines in it the actions taken if /etc/ftpusers exists.

Please check these files and correct the check for /etc/ftpusers in tiger for the upcoming release of Debian.

with kind regards
Carsten Lüdtke

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
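
An added example, not part of the report above and not tiger's own code: one way a check could read /etc/ftpusers with the semantics the PAM service file gives it, using the sense= and file= options of pam_listfile. The function names, the PAM line and the user lists are constructed for illustration, and only pam_listfile entries are handled.

```shell
#!/bin/sh
# Added example: read /etc/ftpusers with the semantics PAM applies to it.

# Print the pam_listfile sense (allow|deny) a PAM service file applies to
# the list file named in $2, or "none" if the file is not referenced.
listfile_sense() {   # $1 = PAM service file, $2 = path as written in it
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        /pam_listfile\.so/ {
            sense = ""; file = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sense=/) sense = substr($i, 7)
                if ($i ~ /^file=/)  file  = substr($i, 6)
            }
            if (file == want) { print sense; found = 1; exit }
        }
        END { if (!found) print "none" }
    ' "$1"
}

# Read user names on stdin; print those the list lets through to FTP.
# sense=deny: listed users are blocked. sense=allow: only listed users pass.
# none: the list is not consulted, so it blocks nobody.
ftp_allowed_users() {   # $1 = sense, $2 = list file to read
    while read -r user; do
        if grep -qxF -- "$user" "$2"; then listed=yes; else listed=no; fi
        case "$1:$listed" in
            deny:no|allow:yes|none:*) echo "$user" ;;
        esac
    done
}

# Constructed sample data (not taken from the reporter's server).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'auth\trequired\tpam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed\n' > "$dir/pam"
    printf '%s\n' '# denied users' root backup www-data > "$dir/ftpusers"
    sense=$(listfile_sense "$dir/pam" /etc/ftpusers)
    echo "sense=$sense"
    printf '%s\n' backup mysql sshd www-data | ftp_allowed_users "$sense" "$dir/ftpusers"
    rm -rf "$dir"
}

demo
```

With sense=deny, the accounts worth reporting are the administrative users missing from the file (mysql and sshd in the sample), not the ones listed in it.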

