lpar2rrd Agent Linux x86 getsysuuid.sh Permission
Hello
If you install the lpar2rrd-agent on an x86 Linux system, a service called "lpar2rrd-agent.service" is configured.
This script getsysuuid.sh runs once after reboot and creates a file called ".uuid" in the home dir of lpar2rrd user. I guess it is used to give lpar2rrd or xormon a chance to match the data from vcenter to the agent data.
Ideas for improvement:
The file ".uuid" should be owned by lpar2rrd, and read access for others should be removed. There is already a "chmod 444" in the script getsysuuid.sh. Please add a chown lpar2rrd and chmod 440 to the script.
Reason: Security Standard CIS requires to not have any "for other readable files" in home dirs of users.
The script is started with "Type=oneshot" and "RemainAfterExit=true". Is there a reason the service should remain? We would prefer "RemainAfterExit=false".
What is your opinion on these little changes?
Regards Stefan
Comments
It will not work generally.
Some users might run the agent under different users; not everybody names their user lpar2rrd.
It is something we might not know in the installation phase.
Therefore it is installed under root, then users might run it under whatever user they need.
Rights must be 444 then.
I do understand you, but we cannot do it in that way.
Do it yourself after each agent upgrade.
The service needs to be run only once, after the reboot (the only problem is that an ordinary user has no rights to get the Linux UUID in any way).
Yep, this will be changed to RemainAfterExit=false.
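The post-upgrade step suggested in the reply above, sketched as an added example that is not part of the thread or of the LPAR2RRD project's code: it hands ".uuid" to the agent user, drops the read bit for others, and lists any files in the home directory that are still readable by others. The function names, the script name and the example home directory are assumptions; the agent user and its home directory are passed as arguments because they differ between installations.

```shell
#!/bin/sh
# Added example, not LPAR2RRD code. Function names are hypothetical.

# List regular files under a home directory that are still readable by "others"
# (the condition the CIS requirement quoted in the thread is about).
list_other_readable() {
    # $1 = home directory to audit
    find "$1" -xdev -type f -perm -o=r -print
}

# Give .uuid to the agent user and change its mode from 444 to 440.
harden_uuid_file() {
    # $1 = home directory of the agent user, $2 = agent user name or numeric uid
    uuid_file="$1/.uuid"
    # Refuse symlinks: this runs as root inside a user-writable directory,
    # and chown/chmod would otherwise act on the link target.
    if [ -L "$uuid_file" ] || [ ! -f "$uuid_file" ]; then
        echo "skip: $uuid_file is missing or not a regular file" >&2
        return 1
    fi
    chown "$2" "$uuid_file" || return 1
    chmod 440 "$uuid_file" || return 1
    # Confirm the resulting mode instead of trusting the exit codes alone.
    mode=$(stat -c '%a' "$uuid_file") || return 1
    [ "$mode" = "440" ]
}

# Run directly as root after an agent upgrade, for example (constructed path):
#   sh harden_uuid.sh /home/lpar2rrd lpar2rrd
if [ "$#" -eq 2 ]; then
    harden_uuid_file "$1" "$2" && list_other_readable "$1"
fi
```

Because the file is rewritten with mode 444 by getsysuuid.sh, the step has to be repeated after each agent upgrade and after any reboot that reruns the service.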