Package: munin Version: 1.4.6-1 Severity: wishlist Munin installs itself into /etc/apache2/conf.d, which makes Apache automatically load access rules for the Munin configuration for every address in Apache. This is both unexpected and insecure. The problem is the following line in the postinst script:
ln -s ../../munin/apache.conf /etc/$webserver/conf.d/munin For this purpose, /etc/apache2/mods-available exists. If Munin would insert its Apache configuration here, it would not be autoloaded, but would still be easily loaded using "a2enmod munin". Therefore, I would like to request for the above line to be changed to: ln -s ../../munin/apache.conf /etc/$webserver/mods-available/munin This makes Munin installation behave as expected. If you want, you can display installation hints as to "a2enmod munin" for adding a '/munin' to every host Apache serves. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages munin depends on: ii adduser 3.113 ii cron 3.0pl1-120 ii libdigest-md5-perl <none> ii libhtml-template-perl 2.10-1 ii liblog-log4perl-perl 1.29-1 ii librrds-perl 1.4.3-3.1+b2 ii libstorable-perl <none> ii munin-common 1.4.6-1 ii perl [libtime-hires-perl] 5.12.4-6 ii perl-modules 5.12.4-6 ii rrdtool 1.4.3-3.1+b2 ii ttf-dejavu 2.33-2 Versions of packages munin recommends: ii libdate-manip-perl 6.25-1 ii munin-node 1.4.6-1 Versions of packages munin suggests: ii apache2-mpm-itk [httpd] 2.2.21-2 ii elinks [www-browser] 0.12~pre5-4 ii libnet-ssleay-perl 1.42-1 ii links [www-browser] 2.3-1 -- Configuration Files: /etc/munin/apache.conf changed [not included] /etc/munin/munin.conf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
