It was reported to Ubuntu that ntop creates the access log world-writable when the --access-log-file option is used.
This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the ntop manpage. It would require the root user to add this option to the configuration in order for this file to be created.
It was reported to Ubuntu that ntop creates the access log world-writable when the --access-log-file option is used.
This option is not used in Fedora or Red Hat by default and is not noted in the configuration file. It is, however, noted in the ntop manpage. It would require the root user to add this option to the configuration in order for this file to be created.
This is a low severity issue.
A possible fix would be the following patch:
--- http.c.org 2009-03-16 16:28:10.000000000 -0700 r(void) {
+++ http.c 2009-03-16 16:27:55.000000000 -0700
@@ -1298,6 +1298,7 @@ void printHTMLtraile
void initAccessLog(void) {
if(myGlobals .runningPref. accessLogFile) { accessLogFd = fopen(myGlobals .runningPref. accessLogFile, "a"); myGlobals. accessLogFd == NULL) {
traceEvent( CONST_TRACE_ ERROR, "Unable to create file %s. Access log is disabled.",
+ umask(0137);
myGlobals.
if(