Package: nsca
Version: 2.7.2
Severity: serious
Installing nsca and answering 'no' to the debcanf question which asks if
you want to run the nsca daemon still results in a running daemon with a
pretty unusual PID:
4294967295 12373 1 0 21:08 ? 00:00:00 /usr/sbin/nsca --daemon -c
/etc/nsca.cfg
I'm filing this as serious as I consider daemons which run and listen on
tcp ports without being configured to do so as a security issue.
Especially when they run with a UID which might b in use otherwise.
I'd guess it tries to use -1 as UID as that was the UID of nobody some
ancient times ago.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35.7-think (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages nsca depends on:
ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libmcrypt4 2.5.8-3.1 De-/Encryption Library
nsca recommends no packages.
Versions of packages nsca suggests:
pn nagios <none> (no description available)
ii nagios-plugins 1.4.15-2 Plugins for the nagios network mon
ii nagios-plugins-basic 1.4.15-2 Plugins for the nagios network mon
-- Configuration Files:
/etc/init.d/nsca changed:
DAEMON=/usr/sbin/nsca
NAME=nsca
DESC="Nagios Service Check Acceptor"
CONF=/etc/nsca.cfg
OPTS="--daemon -c $CONF"
PIDFILE="/var/run/nsca.pid"
if [ ! -x $DAEMON ]; then
exit 0
fi
get_config(){
grep "^[[:space:]]*$1=" $CONF 2>/dev/null | tail | cut -d= -f2-
}
PIDFILE=`get_config pid_file`
if [ -z "$PIDFILE" ]; then
# then this is the default PIDFILE
PIDFILE="/var/run/nsca.pid"
# run nsca in the foreground, and have s-s-d fork it for us
OPTS="-f $OPTS"
# and then this is how we call SSD
SSD_STARTOPTS="--background --pidfile $PIDFILE --make-pidfile"
SSD_STOPOPTS="--pidfile $PIDFILE"
else
# but if pid_file is set, we don't have to do anything
SSD_STARTOPTS="--pidfile $PIDFILE"
SSD_STOPOPTS="--pidfile $PIDFILE"
fi
SSD_START="/sbin/start-stop-daemon --oknodo -S $SSD_STARTOPTS --exec $DAEMON"
SSD_STOP="/sbin/start-stop-daemon --oknodo -K $SSD_STOPOPTS --exec $DAEMON"
die(){
echo $@
exit 1
}
case "$1" in
start)
echo -n "Starting $DESC: "
if [ ! -d "/var/run/nagios" ]; then
mkdir -p /var/run/nagios || die "ERROR: couldn't create
/var/run/nagios"
fi
$SSD_START -- $OPTS || die "ERROR: could not start $NAME."
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
$SSD_STOP -- $OPTS || die "ERROR: could not stop $NAME."
rm -f $PIDFILE
echo "$NAME."
;;
reload|force-reload)
echo -n "Reloading $DESC: "
$SSD_STOP --signal HUP -- $OPTS || die "ERROR: could not reload $NAME."
echo "$NAME."
;;
restart)
$0 stop
$0 start
;;
esac
/etc/nsca.cfg changed:
pid_file=/var/run/nsca.pid
server_port=5667
nsca_user=nagios
nsca_group=nogroup
debug=0
command_file=/var/lib/nagios3/rw/nagios.cmd
alternate_dump_file=/var/run/nagios/nsca.dump
aggregate_writes=0
append_to_file=0
max_packet_age=30
decryption_method=1
/etc/send_nsca.cfg changed:
encryption_method=1
-- debconf information:
nsca/run-nsca-daemon:
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
