In <user-3cd401e9a937@xymon.invalid> "Kauffman, Tom" <user-3feba9e60a8b@xymon.invalid> writes:
Well, among other things - the file that went missing was a crontab . . .
I've built a small perl script to get the data and dump it out to the clien=
t data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the=
hobbit program that does the process. I can see Henrik has thought about t=
his, because the code to get and drop root permissions is present - bracket=
ed by ifdefs for 'BIG_SECURITY_HOLE'.
I need to satisfy myself about the logfetch code, and then I think a recomp=
ile may be in order.
The BIG_SECURITY_HOLE shows up because logfetch has no way of validating
that it is using a configuration file that hasn't been tampered with. So
if you run logfetch as root, you can feed it a config file listing secret
files that you want to read (like /etc/shadow), and it will happily read them
for you and put the contents into the Hobbit client-message. Not good ...
A custom status-check might be the simplest way of doing what you want.
Henrik