This page shows the differences between two revisions of the page.
freebsd:cacti [2020/01/07 07:40] alex |
freebsd:cacti [2021/11/13 16:54] (current) alex |
||
---|---|---|---|
Строка 286: | Строка 286: | ||
mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql | mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql | ||
- | В папке ///var/log/cacti// создаю файл для логов **log** | + | В папке ///var/log/cacti// создаю файл для логов **log** и задаю права доступа www:www |
- | | + | touch /var/log/cacti/log |
+ | Меняю права доступа к папке cacti | ||
+ | chown -R www:www /usr/local/share/cacti/ | ||
+ | |||
+ | Создаю папку и меняю права доступа | ||
+ | mkdir -p /usr/local/share/cacti/log/ | ||
+ | chown -R www:www /usr/local/share/cacti/log/ | ||
В браузере набираю cacti.klotik.ru. На приглашение логина и пароля набираю **admin/admin**. Cacti предложит сменить пароль. | В браузере набираю cacti.klotik.ru. На приглашение логина и пароля набираю **admin/admin**. Cacti предложит сменить пароль. | ||
+ | |||
+ | Input Validation Whitelist Protection | ||
+ | Cacti Data Input methods that call a script can be exploited in ways that a non-administrator can perform damage | ||
+ | to either files owned by the poller account, and in cases where someone runs the Cacti poller as root, can | ||
+ | compromise the operating system allowing attackers to exploit your infrastructure. | ||
+ | | ||
+ | Therefore, several versions ago, Cacti was enhanced to provide Whitelist capabilities on the these types of Data | ||
+ | Input Methods. Though this does secure Cacti more thouroughly, it does increase the amount of work required by | ||
+ | the Cacti administrator to import and manage Templates and Packages. | ||
+ | | ||
+ | The way that the Whitelisting works is that when you first import a Data Input Method, or you re-import a Data | ||
+ | Input Method, and the script and or aguments change in any way, the Data Input Method, and all the corresponding | ||
+ | Data Sources will be immediatly disabled until the administrator validates that the Data Input Method is valid. | ||
+ | | ||
+ | To make identifying Data Input Methods in this state, we have provided a validation script in Cacti's CLI | ||
+ | directory that can be run with the following options: | ||
+ | | ||
+ | php -q input_whitelist.php --audit - This script option will search for any Data Input Methods that are currently | ||
+ | banned and provide details as to why. | ||
+ | php -q input_whitelist.php --update - This script option un-ban the Data Input Methods that are currently banned. | ||
+ | php -q input_whitelist.php --push - This script option will re-enable any disabled Data Sources. | ||
+ | It is strongly suggested that you update your config.php to enable this feature by uncommenting the | ||
+ | $input_whitelist variable and then running the three CLI script options above after the web based install has completed. | ||
+ | | ||
+ | Check the Checkbox below to acknowledge that you have read and understand this security concern | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
=== Обновление старого cacti === | === Обновление старого cacti === |
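Review bot: The added `chown -R www:www /usr/local/share/cacti/` gives the web server account ownership of the whole Cacti tree, not only its log directory, so any code running as www can rewrite the application's own scripts. Limit the ownership change to the directories that have to be writable, such as the added `/usr/local/share/cacti/log/`, and leave the rest of the tree with an owner the web server cannot write as. The first added sentence says the log file in /var/log/cacti gets www:www, but the only command shown for that file is `touch /var/log/cacti/log`, with no chown on it. The pasted installer notice recommends uncommenting `$input_whitelist` in config.php and running the three `input_whitelist.php` options, yet the hunk adds no step that does so. A short step in the page's own words would serve readers better than the verbatim notice followed by a run of empty lines.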