m.roth at 5-cent.us
2015-Aug-12 13:28 UTC
[CentOS] Odd problem with updates to the recent CR

Jonathan Billings wrote:
> On Tue, Aug 11, 2015 at 12:59:58PM -0400, m.roth at 5-cent.us wrote:
>> So, since I haven't yet found where /var/log/httpd is created, what
>> would a default package make the ownership of the directory? Does it
>> expect it to be apache:root?
>
> Just a data point:
>
> $ rpm -qp --qf='[%-11{filemodes:perms} %-8{fileusername} %-8{filegroupname} %{filenames}\n]' httpd-2.2.15-45.el6.x86_64.rpm | grep /var/log/httpd
>
> drwx------ root root /var/log/httpd
>

Yeah, well, SiteMinder runs as a child of the httpd started by service
start, so it runs as apache.

Ask me how much I think of SiteMinder... offlist, if you want the
rant....

mark !@#$@!#$!@#~!@

> Date: Wednesday, August 12, 2015 09:28:59 -0400
> From: m.roth at 5-cent.us
>
> Jonathan Billings wrote:
>> On Tue, Aug 11, 2015 at 12:59:58PM -0400, m.roth at 5-cent.us wrote:
>>> So, since I haven't yet found where /var/log/httpd is created,
>>> what would a default package make the ownership of the directory?
>>> Does it expect it to be apache:root?
>>
>> Just a data point:
>>
>> $ rpm -qp --qf='[%-11{filemodes:perms} %-8{fileusername} %-8{filegroupname} %{filenames}\n]' httpd-2.2.15-45.el6.x86_64.rpm | grep /var/log/httpd
>>
>> drwx------ root root /var/log/httpd
>>
> Yeah, well, SiteMinder runs as a child of the httpd started by
> service start, so it runs as apache.
>
> Ask me how much I think of SiteMinder... offlist, if you want the
> rant....
>
> mark !@#$@!#$!@#~!@
>

That's "fine" (within context), but then it shouldn't be able to
write to files in the /var/log/httpd directory. [from something you
posted I got the sense that it owned that directory, which is even
worse (especially for a "security tool"), if that was correct.]

Assuming any ability to configure things, change its logging to an
application-specific directory.

The long-and-short is that at some point someone/thing changed the
permissions (and maybe ownerships) on /var/log/httpd from the
defaults. [something that I would have assumed would have gone into
your change-management system.]

On 08/12/2015 09:21 AM, Richard wrote:
> The long-and-short is that at some point someone/thing changed the
> permissions (and maybe ownerships) on /var/log/httpd from the
> defaults. [something that I would have assumed would have gone into
> your change-management system.]

I'm willing to bet a fairly substantial sum that it was the SiteMinder
installation script.

--
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
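
The drift discussed in this thread (on-disk mode and ownership of /var/log/httpd differing from what the package ships) can be checked mechanically. The following is an added example, not part of any message in the thread: it compares a line in the layout printed by the rpm query quoted above against the live filesystem. The function names and the sample line are constructed for illustration.

```python
import grp
import os
import pwd
import stat

# Constructed sample line in the layout the thread's rpm --qf query prints:
# "<perms> <user> <group> <path>"
SAMPLE_RPM_LINE = "drwx------  root     root     /var/log/httpd"


def parse_rpm_line(line):
    """Split one line of the rpm query output into its four fields."""
    perms, user, group, path = line.strip().split(None, 3)
    return {"perms": perms, "user": user, "group": group, "path": path}


def _name(lookup, ident, attr):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return getattr(lookup(ident), attr)
    except KeyError:
        return str(ident)


def on_disk(path):
    """Describe a path in the same fields, without following symlinks."""
    st = os.lstat(path)
    return {
        "perms": stat.filemode(st.st_mode),  # ls-style string, e.g. drwx------
        "user": _name(pwd.getpwuid, st.st_uid, "pw_name"),
        "group": _name(grp.getgrgid, st.st_gid, "gr_name"),
        "path": path,
    }


def drift(rpm_line, path=None):
    """Return (field, packaged, actual) for each field that differs."""
    want = parse_rpm_line(rpm_line)
    have = on_disk(path or want["path"])
    return [(f, want[f], have[f]) for f in ("perms", "user", "group")
            if want[f] != have[f]]


if __name__ == "__main__":
    try:
        for field, packaged, actual in drift(SAMPLE_RPM_LINE):
            print(f"/var/log/httpd {field}: packaged {packaged}, on disk {actual}")
    except FileNotFoundError:
        print("/var/log/httpd not present on this host")
```

On an RPM-based host, `rpm --setperms httpd` and `rpm --setugids httpd` reset a package's files to the packaged modes and owners once the drift has been reviewed.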