Package: tiger
Version: 1:3.2.1-35
Severity: minor

Hello,

check_apache says that my apache is not bound to a specific IP address, but it is.

# /usr/lib/tiger/scripts/check_apache
Configuring...
Will try to check using config for 'i686' running Linux 2.6.21-2-k7...
--CONFIG-- [con005c] Using configuration files for Linux 2.6.21-2-k7. Using configuration files for generic Linux 2.
# Checking apache configuration files...
/usr/bin/cut: invalid byte or field list
Try `/usr/bin/cut --help' for more information.
--WARN-- [apa001w] The Apache server is not configured to be bound to an specific IP address.

# netstat -anp | grep apache
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 7010/apache
unix 3 [ ] STREAM VERBUNDEN 66126 8547/apache

# grep -i listen /etc/apache/httpd.conf | grep -v "^#"
Listen 127.0.0.1:80

Trying to debug this I applied the attached patch to your check_apache, which gives me the following output:

/home/martin/temp# bash check_apache
Configuring...
Will try to check using config for 'i686' running Linux 2.6.21-2-k7...
--CONFIG-- [con005c] Using configuration files for Linux 2.6.21-2-k7. Using configuration files for generic Linux 2.
# Checking apache configuration files...
+ '[' -f /etc/apache/httpd.conf ']'
+ /bin/grep '^Listen' /etc/apache/httpd.conf
+ read listen ipaddr
++ echo 127.0.0.1:80
++ /usr/bin/cut -d : -f 2
+ port=80
++ echo 127.0.0.1:80
++ /bin/sed -e 's/:.*$//'
+ ipaddr=127.0.0.1
+ echo 127.0.0.1 80
127.0.0.1 80
+ read listen ipaddr
+ echo
+ '[' -z '' -o -z '' ']'
+ message WARN apa001w 'The Apache server is not configured to be bound to an specific IP address.'
[...]

It seems that:
1) Someone has mixed up d and f in the cut command
2) The variables port and ipaddr are reset on leaving the while loop

Thanks,
Martin

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21-2-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages tiger depends on:
ii  binutils               2.17-3        The GNU assembler, linker and bina
ii  coreutils              5.97-5.3      The GNU core utilities
ii  debconf [debconf-2.0]  1.5.11        Debian configuration management sy
ii  diff                   2.8.1-11      File comparison utilities
ii  libc6                  2.3.6.ds1-13  GNU C Library: Shared libraries
ii  net-tools              1.60-17       The NET-3 networking toolkit

Versions of packages tiger recommends:
pn  chkrootkit                    <none>   (no description available)
ii  exim4-daemon-light [mail-tran 4.63-17  lightweight exim MTA (v4) daemon
pn  john                          <none>   (no description available)

-- debconf information:
* tiger/mail_rcpt: martin
  tiger/remove_mess: true
* tiger/policy_adapt:

--- /usr/lib/tiger/scripts/check_apache 2006-11-30 23:11:58.000000000 +0100 +++ check_apache 2007-08-09 13:02:04.000000000 +0200 @@ -87,24 +87,30 @@ haveallcmds GREP AWK CAT SED CUT || exit 1 haveallfiles APACHECONFDIR BASEDIR WORKDIR || exit 1 +set -x # First check if Apache is bound to use only an IP address [ -f $APACHECONFDIR/httpd.conf ] && { $GREP ^Listen $APACHECONFDIR/httpd.conf | while read listen ipaddr do - port=`echo $ipaddr | $CUT -f : -d 2` + port=`echo $ipaddr | $CUT -d : -f 2` ipaddr=`echo $ipaddr | $SED -e 's/:.*$//'` + echo $ipaddr $port done # TODO: this check should warn only if this is a multihomed host # (we probably need to check this in other places so a utils function # 'amImultihome' might be useful) + echo $ipaddr $port if [ -z "$port" -o -z "$ipaddr" ]; then message WARN apa001w "The Apache server is not configured to be bound to an specific IP address." else message INFO apa001w "The Apache server is configured to listen only on address $ipaddr port $port." fi } + +exit 0 + # Now check options # we need to do this for all possible configuration files # Options that might be a securityrisk are FollowSymlinks, Indexes,
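
Review bot: The `if [ -z "$port" -o -z "$ipaddr" ]` test after `done` still sees empty variables, because the `while read listen ipaddr` loop is fed by `$GREP ^Listen ... |` and therefore runs in a subshell; the corrected `$CUT -d : -f 2` only removes the cut error, and apa001w is still raised as WARN, as the trace in the report shows. Move the test inside the loop, or feed the loop by redirection instead of a pipe so the assignments survive. `set -x`, the two `echo $ipaddr $port` lines and `exit 0` are debugging aids and should be dropped from any version that gets applied, since `exit 0` skips the Options checks that follow.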
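
The second point of the report (values assigned inside the piped `while read` loop are gone after `done`) can be reproduced in isolation. This is an added example, not code from the report or from tiger; the function names, the temporary-file handling and the sample config are constructed for illustration, and the port-only `Listen 80` case goes beyond what the report covers.

```shell
#!/bin/sh
# Added illustration; function names and sample data are constructed.

# Pipeline form, as in check_apache: in sh and bash the loop on the right of
# the pipe runs in a subshell, so its assignments are lost after `done`.
listen_piped() {
    ipaddr= port=
    grep '^Listen' "$1" | while read -r listen addr; do
        port=$(echo "$addr" | cut -d : -f 2)
        ipaddr=$(echo "$addr" | sed -e 's/:.*$//')
    done
    echo "${ipaddr}|${port}"
}

# Redirect form: the loop reads from a file in the current shell, so the
# values survive. A port-only directive ("Listen 80") leaves ipaddr empty
# instead of copying the port into it.
listen_redirected() {
    ipaddr= port=
    tmp=$(mktemp) || return 1
    grep '^Listen' "$1" > "$tmp" || true   # no match is not an error here
    while read -r listen addr; do
        case $addr in
            *:*) ipaddr=${addr%:*} port=${addr##*:} ;;
            *)   ipaddr= port=$addr ;;
        esac
    done < "$tmp"
    rm -f "$tmp"
    echo "${ipaddr}|${port}"
}

# Constructed sample config holding the Listen line from the report.
conf=$(mktemp) || exit 1
printf '%s\n' '# constructed sample' 'Listen 127.0.0.1:80' > "$conf"
echo "piped:      $(listen_piped "$conf")"
echo "redirected: $(listen_redirected "$conf")"
rm -f "$conf"
```
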