New issue 63 by gugafer51: Apache module duplicates checks.
http://code.google.com/p/hntool/issues/detail?id=63
What steps will reproduce the problem?
1. Install apache2 in Debian (apt-get install apache2)
2. Clone hntool from repo
3. Execute hntool
What is the expected output? What do you see instead?
I see duplicate checks for the following items: LimitRequestBody,
LimitRequestFields, LimitRequestFieldsize and LimitRequestLine.
What version of the product are you using? On what operating system?
Apache/2.2.9, Debian 5.0, hntool 0.1.2
Please provide any additional information below.
In my default installation of Apache, apache2.conf and
conf.d/security were created. I made some tests, and for each conf file from the
`required_files` list in apache.py, the check for those items is duplicated
in the report.
Comment #1 on issue 63 by hugodoria: Apache module duplicates checks.
Hi gugafer51,
Thanks for your report. This seems to be an easy fix. We just have to make
sure that HnTool only checks one file from "required_files".
Rafael,
Can you patch this?
Hey Rafael,
I'm not sure now, but I think security is a complement of apache2.conf, so
we have to check both.
I was thinking of consolidating the contents of all conf files in 'lines'.
I'll try to do this and post a patch here!
Gustavo
Hi Guga,
Thanks for your help, I am waiting for your patch.
I don't have time to do that these days.
Rafael,
I corrected the problem with reading more than one conf file, but I found
another one in verifying whether the parameter exists in the conf file.
The problem is this code: `if 'LimitRequestBody' in lines:` and others like
this. It is always going to be False. It must validate the whole content of the line,
like `if 'ServerSignature Off' in lines:`.
The question is: should I send the patch now or correct this first?
Guga
Guga,
You can send your fixes for both possible problems, but send one patch per
problem.
Thanks!
Hi Rafael,
Sorry about the delay.
Please verify whether the diff file was generated correctly. It's the first time
I've done this.
Attachments:
hntool.diff 14.2 KB
The "Timeout is not using harmful value" still appears two times.
Can you fix it too?
I found the solution
Please add a break statement after the "if" check. Example:

    # Checking Timeout less than 300
    tvalue = 300
    for line in lines:
        if line.startswith('Timeout') is True:
            piece = line.split(' ')
            if int(piece[1]) <= tvalue:
                check_results['ok'].append(
                    'Timeout is not using harmful value (>=%s)'
                    % (tvalue)
                )
                break

Did you get it?
Please add a break in all conditions or the problem will remain.
I don't know if there is a better solution; if you know one, please show us.
Another observation: please move "from symbol import with_stmt" and put
it after "from HnTool.modules.rule import MasterRule".
For me the Timeout is working well.
Did you verify whether more than one Timeout directive exists in your conf files?
This is the only case when it happens to me.
I made the change in the import section.
I tried with two Apache files, with the same content.
In Debian there is a symbolic link from /etc/apache/apache.conf to
/etc/apache/http.conf.
We should sanitize this possible error.
Can you please modify your patch?
You can modify the solution, but we can't avoid fixing this problem.
Thanks!
Comment #11 on issue 63 by linux.r...@gmail.com: Apache module duplicates checks.
Guga,
Can you send the patch with import correction?
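
Added illustration of the three problems discussed in this thread: one report per conf file, the `'LimitRequestBody' in lines` test that never matches, and a symlinked conf file being read twice. This is not HnTool's code or the attached patch; the function names, the warning message and the sample files are assumptions constructed for the example.

```python
import os
import tempfile

def read_conf_lines(paths):
    """Merge directive lines from every distinct file in `paths`."""
    seen, lines = set(), []
    for path in paths:
        real = os.path.realpath(path)  # a symlink and its target resolve to one path
        if real in seen or not os.path.isfile(real):
            continue
        seen.add(real)
        with open(real) as conf:
            for raw in conf:
                line = raw.strip()
                if line and not line.startswith('#'):
                    lines.append(line)
    return lines

def directive_values(lines, name):
    """Arguments of each occurrence of `name`, matched on the first token of a line."""
    found = []
    for line in lines:
        parts = line.split(None, 1)
        if parts and parts[0].lower() == name.lower():
            found.append(parts[1] if len(parts) > 1 else '')
    return found

def check_timeout(lines, tvalue=300):
    """Report Timeout once: warning if any occurrence is above `tvalue` or not a number."""
    results = {'ok': [], 'warning': []}
    values = directive_values(lines, 'Timeout')
    if not values:
        return results
    if all(v.isdigit() and int(v) <= tvalue for v in values):
        results['ok'].append('Timeout is not using harmful value (>=%s)' % tvalue)
    else:  # warning text is constructed for this example
        results['warning'].append('Timeout is using harmful value (>=%s)' % tvalue)
    return results

def demo():
    """Constructed sample: two conf files plus a symlink to the first one."""
    root = tempfile.mkdtemp()
    main, extra, link = (os.path.join(root, n) for n in ('apache2.conf', 'security', 'httpd.conf'))
    with open(main, 'w') as conf:
        conf.write('# main file\nTimeout 300\nLimitRequestBody 102400\n')
    with open(extra, 'w') as conf:
        conf.write('ServerSignature Off\n')
    os.symlink(main, link)
    return read_conf_lines([main, extra, link])
```

Because the lines are merged first and each directive is evaluated once over the merged list, the report carries a single entry per check regardless of how many files in the list exist.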