Some Veritas files in the /var/VRTSvcs directory are world-writable, which may trigger an alert during a security audit
Article ID: 100021110
Updated On:
Description
Error Message
# ls -la /opt/VRTSvcs/gui/VxEAT
total 18
drwxrwxrwx 7 root other 512 Nov 23 2009 . <<< 0777 permission
drwxrwxr-x 6 root sys 512 Oct 21 10:14 ..
-rwxrwxrwx 1 bin root 537 Apr 21 2009 Copyright
drwxrwxrwx 2 root other 512 Nov 23 2009 bin
-rwxrwxrwx 1 bin root 14 Apr 21 2009 build_version
drwxrwxrwx 6 root other 512 Nov 23 2009 catalog
drwxrwxrwx 3 root other 512 Nov 23 2009 etc
drwxrwxrwx 2 root other 512 Nov 23 2009 lib
drwxrwxrwx 3 root other 512 Nov 23 2009 opt
Cause
The following files are world-writeable:
drwxrwxrwt root root /var/VRTSat_lhc
drwxrwxrwt root root /var/VRTSat/profiles
drwxrwxrwx root root /opt/VRTSvcs/gui/messages
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Aix
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/HP-UX
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Linux
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Solaris
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/W2K
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/WINNT
rw-rw-rw- root root /opt/VRTSvcs/gui/lib/config.properties
drwxrwxrwt root root /var/VRTSat/profiles
drwxrwxrwx root root /opt/VRTSvcs/gui/messages
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Aix
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/HP-UX
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Linux
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/Solaris
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/W2K
drwxrwxrwx root root /var/VRTSvcs/gui/attrpool/WINNT
rw-rw-rw- root root /opt/VRTSvcs/gui/lib/config.properties
Resolution
These files are only used for the Veritas Cluster Server Simulator. File permissions for the above listed files may be changed to more restrictive values (e.g. 0755) without affecting any other part of the installed Veritas product(s).
Additionally, the issue is fixed in 5.0 MP3 RP3 release or later. Please download the latest patch from the Veritas Operation Readiness Tools website.
Note: there is a regression of the incident in the VRTScscm version 6.0 which is downloadable from the Veritas website. Please see the related article 000016266 and HOWTO77017. The problem will be fixed in the next VRTScscm version.
Applies To
VCS Java Console (also called Cluster Monitor or Cluster Manager) on Linux platform. The Unix package name is VRTScscm.
Issue/Introduction
Some Veritas files in the /var/VRTSvcs directory are world-writable, which may trigger an alert during a security audit.
Additional Information
ETrack: 1878276
Was this article helpful?
Yes
No
Powered by
