Percona Monitoring Plugins

Introduce more secure location of PHP script configs to harden a Cacti setup (CVE-2014-2569)

Bug #1295006 reported by Roman Vynar on 2014-03-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Percona Monitoring Plugins	Fix Released	High	Unassigned	Percona Monitoring Plugins 1.1.3

Bug Description

/usr/share/cacti/scripts/ or /usr/share/cacti/site/scripts/ are not secure locations for the configs containing MySQL password. Let's allow for /etc/cacti/ as the better choice. Also let's add "Hardening Cacti Setup" guide.

Also to address CVE-2014-2569.

See original description

Tags:

Roman Vynar (roman-vynar) on 2014-03-20

Changed in percona-monitoring-plugins:
importance:	Undecided → High
milestone:	none → 1.1.3
tags:	added: cacti security
Changed in percona-monitoring-plugins:
status:	New → In Progress

Roman Vynar (roman-vynar) on 2014-03-21

Changed in percona-monitoring-plugins:
status:	In Progress → Fix Released
summary:	Introduce more secure location of PHP script configs to harden a Cacti - setup + setup (CVE-2014-2569)
description:	updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.