[Bug 746042] New: Errrors in seccheck 2.0-670.3.1 Security-Check Scripts
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c0 Summary: Errrors in seccheck 2.0-670.3.1 Security-Check Scripts Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: i586 OS/Version: openSUSE 12.1 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ainars.dambis@ast.lv QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; NET4.0C; .NET4.0E) 1. RPM database check fails, MD5 flag ("5") now is in first position and not in third as in script (rpm -Va) 2. Mount points do not include ext4 mounts, so file related functions are skipped. Reproducible: Always Steps to Reproduce: run /usr/lib/secchk/security-control.sh weekly Actual Results: Zero lengt of: /var/lib/secchk/data/devices /var/lib/secchk/data/rpm-md5 Expected Results: device list in /var/lib/secchk/data/devices changed files in /var/lib/secchk/data/rpm-md5 # grep -n -C 2 -E "xfs \/|\^\.\.5|no_run-if-empty" /usr/lib/secchk/security-weekly.sh 43- 44-# get the ext2 and reiserfs mount points 45:MNT=`/bin/mount | awk '/ ext2 | reiserfs | ext3 | jfs | xfs / {print$3}' | grep -v "/media" | xargs -s 4000 echo "/dev/"` 46- 47-test -z "$MAILER" && test -x "/usr/sbin/sendmail" && MAILER="/usr/sbin/sendmail" -- 120- 121-# md5 check 122:nice -n 1 rpm -Va 2> /dev/null | grep '^..5' > "$SEC_DATA/rpm-md5.new" 123-diff -uw "$SEC_DATA/rpm-md5" "$SEC_DATA/rpm-md5.new" | \ 124- egrep -v '^\+\+\+ |^--- |^$|^@@' | sed 's/^[+-]/& /' > "$OUT" --------------------- repair: 1. look for line beginning with 5 sed -i "s/\^\.\.5/\^5/g" /usr/lib/secchk/security-weekly.sh 2. add "ext4" to MNT sed -i "s/ xfs \// xfs \| ext4 \//g" /usr/lib/secchk/security-weekly.sh -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |thomas@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c Thomas Biege <thomas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c1 Thomas Biege <thomas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #1 from Thomas Biege <thomas@suse.com> 2012-05-31 16:29:13 CEST --- Thanks for the detailed description. I submitted a new package to openSUSE:Factory.
osc request show 123087 Request: #123087
submit: home:thomasbiege:branches:security/seccheck(cleanup) -> security Message: fixed bnc#746042 for new rpm -Vs output and handle all fs types now If something doesn't work, please reopen this bug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c2 --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-05-31 18:00:09 CEST --- This is an autogenerated message for OBS integration: This bug (746042) was mentioned in https://build.opensuse.org/request/show/123108 Factory / seccheck -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c3 --- Comment #3 from Swamp Workflow Management <swamp@suse.de> 2012-07-16 12:09:03 UTC --- openSUSE-RU-2012:0878-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 746042,769770 CVE References: Sources used: openSUSE 12.1 (src): seccheck-2.0-670.6.1 openSUSE 11.4 (src): seccheck-2.0-668.673.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c4 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:running:49326:low --- Comment #4 from Swamp Workflow Management <swamp@suse.de> 2012-09-21 01:18:03 UTC --- The SWAMPID for this issue is 49326. This issue was rated as low. Please submit fixed packages until 2012-10-19. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/49326 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c Thomas Biege <thomas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |thomas@suse.com AssignedTo|thomas@suse.com |mweckbecker@suse.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c5 --- Comment #5 from Matthias Weckbecker <mweckbecker@suse.com> 2012-10-01 10:55:37 CEST --- There are even two bugs in one. The second bug does also make sense to include in SUSE_SLE-11_Update_Test, because SP2 contains ext4.ko. And it can be easily added. The first bug, however, does not seem to be necessary for any enterprise linux at all. openSUSE has already been fixed according to c#1 and c#3 by Thomas. Thank you! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c6 --- Comment #6 from Matthias Weckbecker <mweckbecker@suse.com> 2012-10-01 11:08:40 CEST ---
There are even two bugs in one. The second bug does also make sense to include in SUSE_SLE-11_Update_Test, because SP2 contains ext4.ko. And it can be easily added.
Correction: It's already included. So we're done here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c7 --- Comment #7 from Matthias Weckbecker <mweckbecker@suse.com> 2012-10-01 12:17:50 CEST --- Oops, I have just noticed that the patch for the first issue has also been added in 11.4 by accident. This is wrong, probably breaking the md5 check. On 11.4 the md5 check remains to be in the third column, whereas 12.x it's moved to the first column. Will need to revert it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c10 --- Comment #10 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-10-10 22:00:21 CEST --- This is an autogenerated message for OBS integration: This bug (746042) was mentioned in https://build.opensuse.org/request/show/137783 Evergreen:11.2 / seccheck -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> 2012-10-19 08:00:45 CEST --- This is an autogenerated message for OBS integration: This bug (746042) was mentioned in https://build.opensuse.org/request/show/138780 Evergreen:11.2 / seccheck -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c12 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:49326:low |maint:running:49326:low | |maint:released:sle11-sp2:49 | |477 --- Comment #12 from Swamp Workflow Management <swamp@suse.de> 2012-11-22 20:01:50 UTC --- Update released for: seccheck Products: SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:running:49326:low |maint:released:sle11-sp2:49 |maint:released:sle11-sp2:49 |477 |477 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=746042 https://bugzilla.novell.com/show_bug.cgi?id=746042#c13 Thomas Biege <thomas@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #13 from Thomas Biege <thomas@suse.com> 2013-11-14 15:47:51 CET --- done -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com