On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:
Freshclam Proxy Password is stored as plain text in Freshclam.conf file.
HTTPProxyPassword myownpassword
Any user is able to read that password.
Is there a chance to store that password encrypted or in another place?
It should be safe to set permissions to freshclam.conf only to be readable
for owner, maybe group, dependending on your system:
-r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
% ps axuww | grep resh
clamav 2646 0.0 0.0 66864 6380 ? Ss Jan30 0:19
/usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf
--pid=/run/clamav/freshclam.pid
Here, permissions 0400 would be enough.
debian (and so I guess ubuntu) seems to do that automatically if password
is set:
if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
# Tighten the permissions up if it contains a password
if [ -n "$ppass" ]; then
chmod 400 $FRESHCLAMCONFFILE
else
chmod 444 $FRESHCLAMCONFFILE
fi
chown "$dbowner":adm $FRESHCLAMCONFFILE
fi
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
