Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Various bugs in the ASL installer
Posted: Wed Sep 14, 2011 5:21 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
Today I ran the ASL installer (v3.0.2) on a CentOS 6.0 x86_64 server and compiled the following list of bugs/quirks/strange things/remarks. (I don't believe any of these issues are specific to CentOS 6, but I haven't double-checked.)

1. [BUG?] When choosing to configure the PHP checks, a couple of functions (kill, mkfifo, setpgid, setsid, setuid, proc_close) don't have a default value. Is this on purpose?

2. [REQ] The functions mentioned under 1, except proc_close but including status, don't actually exist under those names. The actual names are posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid and proc_get_status. I'd love to see the actual, complete names of the functions.

3. [BUG] escapeshellcmd got disabled while I chose the default setting, which is to enable it. I needed to manually enable it in /etc/asl/config after running the installer.

4. [REQ/BUG?] curl_exec, curl_multi_exec, pcntl_exec and ftp_exec got disabled automatically, but the configure process never asked about those functions.

5. [BUG] I ended up with EMAIL="" in /etc/asl/config even though I entered an e-mail address for notifications. I had to manually fix this after running the installer.

6. [BUG] The ASL installer fails when yum-plugin-priorities is installed. /etc/yum.repos.d/atomic.repo has priority = 1, but the atomic channel currently does not contain the ossec-hids-2.6-7 package required by ASL. (Also see viewtopic.php?f=3&t=5360)

Some smaller issues:

a. The ASL installer said: "** Horde Webmail or Squirrelmail detected, exec, popen, fsockopen, escapeshellcmd are required **" This is not entirely true. Plesk 10 Horde uses SMTP instead of sendmail when PHP safe_mode is enabled and in that case neither exec nor popen are required. Older versions of Plesk may use sendmail by default, but also can be configured to use SMTP instead: set $conf['mailer']['type'] = 'smtp'; in /etc/psa-horde/horde/conf.php (Plesk 8) or /etc/psa-webmail/horde/horde/conf.php (Plesk 9).

b. [REQ] In the PHP section in /etc/asl/config some values are quoted, others are not. This doesn't really cause a problem, but it looks a bit messy. I'd like some consistency in this area. :)

c. [REQ] Show the risk level (low/med/high) when asking the user whether or not to disable a PHP function.

d. [???] After running the ASL installer I found /root/asl-application-inventory.log with the following content:

Code:
Performing an inventory of web applications
  No signatures loaded, skipping checks


e. [???] /etc/asl/config contains both RESTART_APACHE="graceful" and APACHE_RESTART_COMMAND="/etc/init.d/httpd restart". This looks confusing. Are restarts done gracefully or not?

f. [???] /etc/asl/config contains ASL_WEB_CONFIGURED="no", but since ASL 3 the ASL web interface is automatically accessible using the ASL account credentials. Is this setting no longer used?

_________________
Lemonbit Internet Dedicated Server Management
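
A post-install check for items 5, b and e in the post above, as an added example that is not part of the original post and is not Atomicorp's code. It assumes /etc/asl/config uses shell-style KEY=VALUE lines; EMAIL, RESTART_APACHE and APACHE_RESTART_COMMAND come from the post, the PHP_EXAMPLE_* keys and the sample file are constructed, and the restart check only flags the mismatch the post asks about, since the page does not say how ASL uses the two settings.

```python
import re

# Constructed sample. Only EMAIL, RESTART_APACHE and APACHE_RESTART_COMMAND are
# names from the post; PHP_EXAMPLE_A / PHP_EXAMPLE_B are hypothetical keys.
SAMPLE_CONFIG = '''\
# constructed example, not a real /etc/asl/config
EMAIL=""
RESTART_APACHE="graceful"
APACHE_RESTART_COMMAND="/etc/init.d/httpd restart"
PHP_EXAMPLE_A="yes"
PHP_EXAMPLE_B=no
'''

# Comment and blank lines never match, so they are skipped implicitly.
LINE_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

def parse_config(text):
    """Return {key: (value, was_quoted)} for shell-style KEY=VALUE lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        quoted = len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in '"\''
        settings[key] = (raw[1:-1] if quoted else raw, quoted)
    return settings

def audit(text):
    """Return a list of findings matching the items reported in the post."""
    cfg = parse_config(text)
    findings = []
    # Item 5: notification address missing or blanked by the installer.
    if not cfg.get('EMAIL', ('', False))[0].strip():
        findings.append('EMAIL is empty: notifications have no recipient')
    # Item e: a graceful restart mode next to a hard-restart command.
    mode = cfg.get('RESTART_APACHE', ('', False))[0]
    cmd = cfg.get('APACHE_RESTART_COMMAND', ('', False))[0]
    if mode == 'graceful' and 'graceful' not in cmd.split():
        findings.append('RESTART_APACHE is graceful but APACHE_RESTART_COMMAND is not')
    # Item b: mixed quoting styles across values.
    unquoted = sorted(k for k, (_, q) in cfg.items() if not q)
    if unquoted and len(unquoted) < len(cfg):
        findings.append('unquoted values: ' + ', '.join(unquoted))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_CONFIG):
        print('WARN', finding)
```
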


 
 Post subject: Re: Various bugs in the ASL installer
Posted: Thu Sep 15, 2011 5:47 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7964
Location: earth
This is a great list, do you think you could put these into the bug tracker? That would really speed things up for us.


 
 Post subject: Re: Various bugs in the ASL installer
Posted: Sun Sep 18, 2011 2:40 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
I opened 12 bugs in the bug tracker (669-680). Enjoy! :)

_________________
Lemonbit Internet Dedicated Server Management

