Bug 455654 - Review Request: pads - Passive Asset Detection System
Summary: Review Request: pads - Passive Asset Detection System
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2008-07-16 19:52 UTC by Steve Grubb
Modified: 2008-08-13 22:07 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2008-08-13 22:07:49 UTC
pvrabec: fedora-review+
kevin: fedora-cvs+


Description Steve Grubb 2008-07-16 19:52:21 UTC
Spec URL:

PADS is a libpcap based detection engine used to passively
detect network assets.  It is designed to complement IDS
technology by providing context to IDS alerts. When new assets
are found, it can send IDMEF alerts via prelude.

Comment 1 Steve Grubb 2008-08-07 14:33:39 UTC
The prelude setup for pads was added as step 13 on

Comment 2 Peter Vrabec 2008-08-08 16:36:47 UTC
$ rpmlint pads-1.2-1.fc9.src.rpm
pads.src: W: strange-permission pads.init 0755
pads.src: W: strange-permission pads.sysconfig 0640

- pads.init and pads.sysconfig might be 0644

$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
pads.i386: E: non-readable /etc/sysconfig/pads 0640
pads.i386: W: non-conffile-in-etc /etc/pads-ether-codes
pads.i386: W: non-conffile-in-etc /etc/pads-signature-list
pads.i386: E: non-readable /etc/pads.conf 0640
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
1 packages and 0 specfiles checked; 2 errors, 4 warnings.

- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf
- incoherent-subsys? it doesn't seem to me. prog=pads
- non-conffile-in-etc - seems ok to me

Everything else is OK.

Comment 3 Steve Grubb 2008-08-08 18:47:52 UTC
>$ rpmlint pads-1.2-1.fc9.src.rpm
>pads.src: W: strange-permission pads.init 0755
>pads.src: W: strange-permission pads.sysconfig 0640
>- pads.init and pads.sysconfig might be 0644

These are just the src files. I can change them, but I generally make them what they would be when installed. I do set the permission explicitly on install so I can make these 644 if needed.

>$ rpmlint /usr/src/redhat/RPMS/i386/pads-1.2-1.fc9.i386.rpm
>pads.i386: E: non-readable /etc/sysconfig/pads 0640
>- is there a reason why not 0644 for /etc/sysconfig/pads and /etc/pads.conf

It can give out details that non-root users shouldn't see. You can specify what networks to listen to, what uid to run as, what config file to use. I generally believe this info is not required for someone that is not the admin.

Comment 4 Peter Vrabec 2008-08-12 10:26:10 UTC
Steve, change pads.init and pads.sysconfig permissions please. I don't consider it as a blocker, but it will make rpmlint more happy at least.

/etc/sysconfig/pads and /etc/pads.conf
$pgrep pads and I know the user. I can also check which interface is in promisc. mode so I can assume, where is pads listening to. Personally, I feel that there are some more files in /etc that are readable by non root users, even though it is not needful. If you still stand for the 0640 go ahead, but I wouldn't like to do it until it is not necessary.

Comment 5 Steve Grubb 2008-08-12 12:36:53 UTC
New package uploaded. The permissions for the source files are fixed. I feel strongly that non-admin users should not be able to look at how IDS software is configured. If there are other packages with loose permissions, we will be fixing those at some point. :) Thanks.

Comment 6 Peter Vrabec 2008-08-12 13:12:15 UTC
OK, the package is APPROVED now.
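
An added example, not part of the original thread or of the pads package: a small triage of the rpmlint output quoted in Comment 2. It treats `non-readable` on the two configuration files as the intended state and reports a restricted file that no longer triggers it. The `RESTRICTED` set and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the binary-package rpmlint lines quoted in Comment 2.
SAMPLE = """\
pads.i386: E: non-readable /etc/sysconfig/pads 0640
pads.i386: W: non-conffile-in-etc /etc/pads-ether-codes
pads.i386: W: non-conffile-in-etc /etc/pads-signature-list
pads.i386: E: non-readable /etc/pads.conf 0640
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
pads.i386: W: incoherent-subsys /etc/rc.d/init.d/pads $prog
"""

# Assumption: paths the packager deliberately keeps unreadable to non-root users.
RESTRICTED = {"/etc/sysconfig/pads", "/etc/pads.conf"}

# Line shape as seen on the page: "<pkg>: <E|W>: <check> <details...>"
LINE = re.compile(r"^(\S+): ([EW]): (\S+)(?: (.*))?$")


def parse(text):
    """Yield (severity, check, details) for each rpmlint finding line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(2), m.group(3), (m.group(4) or "").split()


def triage(text, restricted=RESTRICTED):
    """Return (waived paths, findings to review, restricted paths not locked)."""
    waived, review, locked = [], [], set()
    for sev, check, details in parse(text):
        if check == "non-readable" and len(details) == 2:
            path, mode = details[0], int(details[1], 8)
            # Waive only when the path is expected AND "other" has no access.
            if path in restricted and mode & 0o007 == 0:
                waived.append(path)
                locked.add(path)
                continue
        review.append((sev, check, " ".join(details)))
    # A restricted path with no non-readable finding is world-readable or absent.
    missing = sorted(set(restricted) - locked)
    return sorted(waived), review, missing


if __name__ == "__main__":
    for label, value in zip(("waived", "review", "missing"), triage(SAMPLE)):
        print(label, value)
```

A non-empty third list means a later build has shipped one of the restricted files with looser permissions, or dropped it.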

Comment 7 Steve Grubb 2008-08-13 15:22:37 UTC
New Package CVS Request
Package Name: pads
Short Description: Passive Asset Detection System
Owners: sgrubb
Branches: F-9
Cvsextras Commits: no

Comment 8 Kevin Fenzi 2008-08-13 17:23:45 UTC
cvs done. 

Why the cvsextras no?

Comment 9 Steve Grubb 2008-08-13 17:27:51 UTC
Thanks for taking care of cvs. pads is a security program that we've interfaced to IDS software. I was going to add other committers from the security team to help keep an eye on it.

Comment 10 Steve Grubb 2008-08-13 22:07:49 UTC
pads was built in rawhide...closing bug. Thanks for the review.
