search

Icinga / icinga-core

Icinga 1.x, the old core (EOL 31.12.2018)
GNU General Public License v2.0
45 stars 27 forks source link

Fix source installation permissions (CVE-2017-16882, packages not affected) #1604

Closed dnsmichi closed 6 years ago

dnsmichi commented 6 years ago

This fixes CVE-2017-16882

Packages are not affected, they always set INSTALL_OPTS='' and use their own safe permissions.

fixes #1601

dnsmichi commented 6 years ago

Tested inside the icinga1x-dev box.

make distclean
./configure --with-init-dir=/etc/init.d --with-plugin-dir=/usr/lib64/nagios/plugins --with-command-group=icingacmd
make all
sudo make fullinstall
sudo make install-config

service icinga restart

cat /usr/local/icinga/var/icinga.log
[1513689750] Icinga 1.14.0 starting... (PID=21975)
[1513689750] Local time is Tue Dec 19 13:22:30 UTC 2017
[1513689750] LOG VERSION: 2.0
[1513689750] Finished daemonizing... (New PID=21976)
[1513689750] Event loop started...
[1513689750] error executing command '/usr/lib64/nagios/plugins/check_ping': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689767] error executing command '/usr/lib64/nagios/plugins/check_load': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689770] SERVICE ALERT: localhost;Current Load;UNKNOWN;SOFT;1;(null)
[1513689790] SERVICE ALERT: localhost;Current Users;UNKNOWN;SOFT;1;(null)
[1513689790] SERVICE ALERT: localhost;HTTP;UNKNOWN;SOFT;1;(null)
[1513689800] HOST ALERT: localhost;DOWN;SOFT;1;(null)
[1513689800] error executing command '/usr/lib64/nagios/plugins/check_users': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689810] SERVICE ALERT: localhost;Root Partition;UNKNOWN;HARD;1;(null)
[1513689827] error executing command '/usr/lib64/nagios/plugins/check_load': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689830] SERVICE ALERT: localhost;Current Load;UNKNOWN;HARD;2;(null)
[1513689834] error executing command '/usr/lib64/nagios/plugins/check_http': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689840] SERVICE ALERT: localhost;SSH;UNKNOWN;HARD;1;(null)
[1513689850] Warning: Return code of 127 for check of service 'Icinga Startup Delay' on host 'localhost' was out of bounds: 'The command defined for service Icinga Startup Delay does not exist
'
[1513689850] SERVICE ALERT: localhost;Icinga Startup Delay;CRITICAL;HARD;1;The command defined for service Icinga Startup Delay does not exist
[1513689860] error executing command '/usr/lib64/nagios/plugins/check_ping': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689870] Warning: Return code of 127 for check of service 'Icinga Startup Delay' on host 'localhost' was out of bounds: 'The command defined for service Icinga Startup Delay does not exist
'
[1513689900] error executing command '/usr/lib64/nagios/plugins/check_ping': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!
[1513689910] SERVICE ALERT: localhost;Total Processes;UNKNOWN;HARD;1;(null)
[1513689930] HOST ALERT: localhost;DOWN;SOFT;2;(null)
[1513689934] error executing command '/usr/lib64/nagios/plugins/check_disk': No such file or directory. Make sure that the file actually exists (in PATH, if set) and is executable!