securing cacti

lipos · Post by **lipos** » Thu Sep 18, 2008 5:07 am

I just set up my test cacti server and it's working so well that I'm thinking about moving it to the production environment. I'm running it as root and I will liek to change it to cactiuser. ANy idea about the steps that I should take?

Also, do you guys know some cacti voulnearabilities that should be take under a consideration in a production server?

Post by **gandalf** » Thu Sep 18, 2008 2:00 pm

lipos wrote:I just set up my test cacti server and it's working so well that I'm thinking about moving it to the production environment. I'm running it as root and I will liek to change it to cactiuser. ANy idea about the steps that I should take?

That's a bad approach; running as root is not required in any circumstance.
You will have to change the crontab to use cactiuser instead of root (which crontab do you use?)
You will have to change ownership of all rrd files in the rra folder to cactiuser and the folder itself as well.
You will have to pay attention to execute permissions of scripts. Make sure, cactiuser is allowed to execute them.
Then, please pay attention, if any script uses restricted commands that are only available to root.
Make sure all files in the log folder are owned by cactiuser, allow write access for cactiuser.

Also, do you guys know some cacti voulnearabilities that should be take under a consideration in a production server?

To be honest: Do you REALLY think if there was any vulnerability that we would discuss it in the public instead of fixing it?

Reinhard

lipos · Post by **lipos** » Fri Sep 19, 2008 5:36 am

Thank you!

Cacti

securing cacti

securing cacti

Re: securing cacti

Who is online