[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] jk_check - hashlib/PREFIX (solved in cvs).
|
From: |
tiri |
|
Subject: |
Re: [Jailkit-users] jk_check - hashlib/PREFIX (solved in cvs). |
|
Date: |
Sat, 05 Feb 2011 11:28:56 +0100 |
|
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 |
Ok, I now changed (only) jk_check to cvs version.
It is working:
jk_check -v -c /etc/jailkit/jk_check.ini /home/sftproot
testing basedir /home/sftproot/
/home
testing directory permissions for /home/sftproot/
testing directory permissions for /home/sftproot/usr/
testing directory permissions for /home/sftproot/usr/libexec/
testing directory permissions for /home/sftproot/usr/libexec/openssh/
comparing /home/sftproot/usr/libexec/openssh/sftp-server and
/usr/libexec/openssh/sftp-server
testing file permissions for /home/sftproot/usr/libexec/openssh/sftp-server
testing directory permissions for /home/sftproot/usr/bin/
comparing /home/sftproot/usr/bin/scp and /usr/bin/scp
testing file permissions for /home/sftproot/usr/bin/scp
testing directory permissions for /home/sftproot/usr/sbin/
comparing /home/sftproot/usr/sbin/jk_lsh and /usr/sbin/jk_lsh
ERROR: /home/sftproot/usr/sbin/jk_lsh and /usr/sbin/jk_lsh have a
different size!
testing file permissions for /home/sftproot/usr/sbin/jk_lsh
testing directory permissions for /home/sftproot/usr/lib64/
comparing /home/sftproot/usr/lib64/liblber-2.4.so.2 and
/usr/lib64/liblber-2.4.so.2
testing file permissions for /home/sftproot/usr/lib64/liblber-2.4.so.2
comparing /home/sftproot/usr/lib64/libsasl2.so.2.0.23 and
/usr/lib64/libsasl2.so.2.0.23
testing file permissions for /home/sftproot/usr/lib64/libsasl2.so.2.0.23
comparing /home/sftproot/usr/lib64/libcrypto.so.10 and
/usr/lib64/libcrypto.so.10
testing file permissions for /home/sftproot/usr/lib64/libcrypto.so.10
comparing /home/sftproot/usr/lib64/libldap-2.4.so.2 and
/usr/lib64/libldap-2.4.so.2
testing file permissions for /home/sftproot/usr/lib64/libldap-2.4.so.2
comparing /home/sftproot/usr/lib64/libldap-2.4.so.2.5.2 and
/usr/lib64/libldap-2.4.so.2.5.2
testing file permissions for /home/sftproot/usr/lib64/libldap-2.4.so.2.5.2
comparing /home/sftproot/usr/lib64/libwbclient.so.0 and
/usr/lib64/libwbclient.so.0
testing file permissions for /home/sftproot/usr/lib64/libwbclient.so.0
comparing /home/sftproot/usr/lib64/libssl.so.10 and /usr/lib64/libssl.so.10
testing file permissions for /home/sftproot/usr/lib64/libssl.so.10
comparing /home/sftproot/usr/lib64/libtalloc.so.2.0.1 and
/usr/lib64/libtalloc.so.2.0.1
testing file permissions for /home/sftproot/usr/lib64/libtalloc.so.2.0.1
comparing /home/sftproot/usr/lib64/libnss3.so and /usr/lib64/libnss3.so
testing file permissions for /home/sftproot/usr/lib64/libnss3.so
comparing /home/sftproot/usr/lib64/libtdb.so.1.2.1 and
/usr/lib64/libtdb.so.1.2.1
testing file permissions for /home/sftproot/usr/lib64/libtdb.so.1.2.1
comparing /home/sftproot/usr/lib64/libtdb.so.1 and /usr/lib64/libtdb.so.1
testing file permissions for /home/sftproot/usr/lib64/libtdb.so.1
comparing /home/sftproot/usr/lib64/libsasl2.so.2 and
/usr/lib64/libsasl2.so.2
testing file permissions for /home/sftproot/usr/lib64/libsasl2.so.2
comparing /home/sftproot/usr/lib64/libnssutil3.so and
/usr/lib64/libnssutil3.so
testing file permissions for /home/sftproot/usr/lib64/libnssutil3.so
comparing /home/sftproot/usr/lib64/libssl.so.1.0.0 and
/usr/lib64/libssl.so.1.0.0
testing file permissions for /home/sftproot/usr/lib64/libssl.so.1.0.0
comparing /home/sftproot/usr/lib64/libcrypto.so.1.0.0 and
/usr/lib64/libcrypto.so.1.0.0
testing file permissions for /home/sftproot/usr/lib64/libcrypto.so.1.0.0
comparing /home/sftproot/usr/lib64/libtalloc.so.2 and
/usr/lib64/libtalloc.so.2
testing file permissions for /home/sftproot/usr/lib64/libtalloc.so.2
comparing /home/sftproot/usr/lib64/liblber-2.4.so.2.5.2 and
/usr/lib64/liblber-2.4.so.2.5.2
testing file permissions for /home/sftproot/usr/lib64/liblber-2.4.so.2.5.2
testing directory permissions for /home/sftproot/lib/
comparing /home/sftproot/lib/libc.so.6 and /lib/libc.so.6
testing file permissions for /home/sftproot/lib/libc.so.6
comparing /home/sftproot/lib/libnss_hesiod.so.2 and /lib/libnss_hesiod.so.2
testing file permissions for /home/sftproot/lib/libnss_hesiod.so.2
comparing /home/sftproot/lib/libnss_files-2.12.so and
/lib/libnss_files-2.12.so
testing file permissions for /home/sftproot/lib/libnss_files-2.12.so
comparing /home/sftproot/lib/libnss_dns.so.2 and /lib/libnss_dns.so.2
testing file permissions for /home/sftproot/lib/libnss_dns.so.2
comparing /home/sftproot/lib/libc-2.12.so and /lib/libc-2.12.so
testing file permissions for /home/sftproot/lib/libc-2.12.so
comparing /home/sftproot/lib/libnss_files.so.2 and /lib/libnss_files.so.2
testing file permissions for /home/sftproot/lib/libnss_files.so.2
comparing /home/sftproot/lib/libnss_hesiod-2.12.so and
/lib/libnss_hesiod-2.12.so
testing file permissions for /home/sftproot/lib/libnss_hesiod-2.12.so
comparing /home/sftproot/lib/libnss_dns-2.12.so and /lib/libnss_dns-2.12.so
testing file permissions for /home/sftproot/lib/libnss_dns-2.12.so
comparing /home/sftproot/lib/libnss_nis.so.2 and /lib/libnss_nis.so.2
testing file permissions for /home/sftproot/lib/libnss_nis.so.2
comparing /home/sftproot/lib/libnsl-2.12.so and /lib/libnsl-2.12.so
testing file permissions for /home/sftproot/lib/libnsl-2.12.so
comparing /home/sftproot/lib/ld-linux.so.2 and /lib/ld-linux.so.2
testing file permissions for /home/sftproot/lib/ld-linux.so.2
comparing /home/sftproot/lib/libresolv.so.2 and /lib/libresolv.so.2
testing file permissions for /home/sftproot/lib/libresolv.so.2
comparing /home/sftproot/lib/libnss_nisplus-2.12.so and
/lib/libnss_nisplus-2.12.so
testing file permissions for /home/sftproot/lib/libnss_nisplus-2.12.so
comparing /home/sftproot/lib/libnss_compat-2.12.so and
/lib/libnss_compat-2.12.so
testing file permissions for /home/sftproot/lib/libnss_compat-2.12.so
comparing /home/sftproot/lib/ld-2.12.so and /lib/ld-2.12.so
testing file permissions for /home/sftproot/lib/ld-2.12.so
comparing /home/sftproot/lib/libnss_nisplus.so.2 and
/lib/libnss_nisplus.so.2
testing file permissions for /home/sftproot/lib/libnss_nisplus.so.2
comparing /home/sftproot/lib/libnsl.so.1 and /lib/libnsl.so.1
testing file permissions for /home/sftproot/lib/libnsl.so.1
comparing /home/sftproot/lib/libresolv-2.12.so and /lib/libresolv-2.12.so
testing file permissions for /home/sftproot/lib/libresolv-2.12.so
comparing /home/sftproot/lib/libnss_compat.so.2 and /lib/libnss_compat.so.2
testing file permissions for /home/sftproot/lib/libnss_compat.so.2
comparing /home/sftproot/lib/libnss_nis-2.12.so and /lib/libnss_nis-2.12.so
testing file permissions for /home/sftproot/lib/libnss_nis-2.12.so
testing directory permissions for /home/sftproot/home/
testing directory permissions for /home/sftproot/home/test00/
testing file permissions for /home/sftproot/home/test00/.bash_logout
testing file permissions for /home/sftproot/home/test00/.bashrc
testing file permissions for /home/sftproot/home/test00/.bash_profile
testing file permissions for /home/sftproot/home/test00/test2.txt
testing file permissions for /home/sftproot/home/test00/test.txt
testing directory permissions for /home/sftproot/home/test11/
testing file permissions for /home/sftproot/home/test11/.bash_logout
testing file permissions for /home/sftproot/home/test11/.bashrc
testing file permissions for /home/sftproot/home/test11/.bash_profile
testing file permissions for /home/sftproot/home/test11/test.txt
testing directory permissions for /home/sftproot/dev/
ignoring path /home/sftproot/dev/log
ignoring path /home/sftproot/dev/null
ignoring path /home/sftproot/dev/urandom
testing directory permissions for /home/sftproot/etc/
testing file permissions for /home/sftproot/etc/ld.so.cache
testing file permissions for /home/sftproot/etc/ld.so.conf
testing file permissions for /home/sftproot/etc/hosts
testing directory permissions for /home/sftproot/etc/jailkit/
testing file permissions for /home/sftproot/etc/jailkit/jk_lsh.ini
testing file permissions for /home/sftproot/etc/protocols
testing file permissions for /home/sftproot/etc/resolv.conf
testing file permissions for /home/sftproot/etc/passwd
testing file permissions for /home/sftproot/etc/services
testing file permissions for /home/sftproot/etc/host.conf
testing file permissions for /home/sftproot/etc/group
testing file permissions for /home/sftproot/etc/localtime
testing file permissions for /home/sftproot/etc/nsswitch.conf
testing directory permissions for /home/sftproot/lib64/
comparing /home/sftproot/lib64/libnss_winbind.so.2 and
/lib64/libnss_winbind.so.2
testing file permissions for /home/sftproot/lib64/libnss_winbind.so.2
comparing /home/sftproot/lib64/libc.so.6 and /lib64/libc.so.6
testing file permissions for /home/sftproot/lib64/libc.so.6
comparing /home/sftproot/lib64/libnss_hesiod.so.2 and
/lib64/libnss_hesiod.so.2
testing file permissions for /home/sftproot/lib64/libnss_hesiod.so.2
comparing /home/sftproot/lib64/libkeyutils.so.1 and /lib64/libkeyutils.so.1
testing file permissions for /home/sftproot/lib64/libkeyutils.so.1
comparing /home/sftproot/lib64/libkrb5support.so.0.1 and
/lib64/libkrb5support.so.0.1
testing file permissions for /home/sftproot/lib64/libkrb5support.so.0.1
comparing /home/sftproot/lib64/libgssapi_krb5.so.2 and
/lib64/libgssapi_krb5.so.2
testing file permissions for /home/sftproot/lib64/libgssapi_krb5.so.2
comparing /home/sftproot/lib64/libcom_err.so.2.1 and
/lib64/libcom_err.so.2.1
testing file permissions for /home/sftproot/lib64/libcom_err.so.2.1
comparing /home/sftproot/lib64/libnss_files-2.12.so and
/lib64/libnss_files-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_files-2.12.so
comparing /home/sftproot/lib64/libnss_dns.so.2 and /lib64/libnss_dns.so.2
testing file permissions for /home/sftproot/lib64/libnss_dns.so.2
comparing /home/sftproot/lib64/libcap.so.2.16 and /lib64/libcap.so.2.16
testing file permissions for /home/sftproot/lib64/libcap.so.2.16
comparing /home/sftproot/lib64/libutil.so.1 and /lib64/libutil.so.1
testing file permissions for /home/sftproot/lib64/libutil.so.1
comparing /home/sftproot/lib64/libc-2.12.so and /lib64/libc-2.12.so
testing file permissions for /home/sftproot/lib64/libc-2.12.so
comparing /home/sftproot/lib64/libgssapi_krb5.so.2.2 and
/lib64/libgssapi_krb5.so.2.2
testing file permissions for /home/sftproot/lib64/libgssapi_krb5.so.2.2
comparing /home/sftproot/lib64/libnss_files.so.2 and
/lib64/libnss_files.so.2
testing file permissions for /home/sftproot/lib64/libnss_files.so.2
comparing /home/sftproot/lib64/libcap.so.2 and /lib64/libcap.so.2
testing file permissions for /home/sftproot/lib64/libcap.so.2
comparing /home/sftproot/lib64/libz.so.1 and /lib64/libz.so.1
testing file permissions for /home/sftproot/lib64/libz.so.1
comparing /home/sftproot/lib64/libnss_ldap.so.2 and /lib64/libnss_ldap.so.2
testing file permissions for /home/sftproot/lib64/libnss_ldap.so.2
comparing /home/sftproot/lib64/libnss_hesiod-2.12.so and
/lib64/libnss_hesiod-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_hesiod-2.12.so
comparing /home/sftproot/lib64/libnss_dns-2.12.so and
/lib64/libnss_dns-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_dns-2.12.so
comparing /home/sftproot/lib64/libattr.so.1.1.0 and /lib64/libattr.so.1.1.0
testing file permissions for /home/sftproot/lib64/libattr.so.1.1.0
comparing /home/sftproot/lib64/libnss_nis.so.2 and /lib64/libnss_nis.so.2
testing file permissions for /home/sftproot/lib64/libnss_nis.so.2
comparing /home/sftproot/lib64/libdl-2.12.so and /lib64/libdl-2.12.so
testing file permissions for /home/sftproot/lib64/libdl-2.12.so
comparing /home/sftproot/lib64/libcrypt-2.12.so and /lib64/libcrypt-2.12.so
testing file permissions for /home/sftproot/lib64/libcrypt-2.12.so
comparing /home/sftproot/lib64/libpthread-2.12.so and
/lib64/libpthread-2.12.so
testing file permissions for /home/sftproot/lib64/libpthread-2.12.so
comparing /home/sftproot/lib64/libkrb5.so.3.3 and /lib64/libkrb5.so.3.3
testing file permissions for /home/sftproot/lib64/libkrb5.so.3.3
comparing /home/sftproot/lib64/libcom_err.so.2 and /lib64/libcom_err.so.2
testing file permissions for /home/sftproot/lib64/libcom_err.so.2
comparing /home/sftproot/lib64/libkrb5support.so.0 and
/lib64/libkrb5support.so.0
testing file permissions for /home/sftproot/lib64/libkrb5support.so.0
comparing /home/sftproot/lib64/libkrb5.so.3 and /lib64/libkrb5.so.3
testing file permissions for /home/sftproot/lib64/libkrb5.so.3
comparing /home/sftproot/lib64/ld-linux-x86-64.so.2 and
/lib64/ld-linux-x86-64.so.2
testing file permissions for /home/sftproot/lib64/ld-linux-x86-64.so.2
comparing /home/sftproot/lib64/libnsl-2.12.so and /lib64/libnsl-2.12.so
testing file permissions for /home/sftproot/lib64/libnsl-2.12.so
comparing /home/sftproot/lib64/libnspr4.so and /lib64/libnspr4.so
testing file permissions for /home/sftproot/lib64/libnspr4.so
comparing /home/sftproot/lib64/libnss_wins.so.2 and /lib64/libnss_wins.so.2
testing file permissions for /home/sftproot/lib64/libnss_wins.so.2
comparing /home/sftproot/lib64/libdl.so.2 and /lib64/libdl.so.2
testing file permissions for /home/sftproot/lib64/libdl.so.2
comparing /home/sftproot/lib64/libresolv.so.2 and /lib64/libresolv.so.2
testing file permissions for /home/sftproot/lib64/libresolv.so.2
comparing /home/sftproot/lib64/libfreebl3.so and /lib64/libfreebl3.so
testing file permissions for /home/sftproot/lib64/libfreebl3.so
comparing /home/sftproot/lib64/libnss_sss.so.2 and /lib64/libnss_sss.so.2
testing file permissions for /home/sftproot/lib64/libnss_sss.so.2
comparing /home/sftproot/lib64/libpthread.so.0 and /lib64/libpthread.so.0
testing file permissions for /home/sftproot/lib64/libpthread.so.0
comparing /home/sftproot/lib64/libnss_nisplus-2.12.so and
/lib64/libnss_nisplus-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_nisplus-2.12.so
comparing /home/sftproot/lib64/libplds4.so and /lib64/libplds4.so
testing file permissions for /home/sftproot/lib64/libplds4.so
comparing /home/sftproot/lib64/libnss_compat-2.12.so and
/lib64/libnss_compat-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_compat-2.12.so
comparing /home/sftproot/lib64/libz.so.1.2.3 and /lib64/libz.so.1.2.3
testing file permissions for /home/sftproot/lib64/libz.so.1.2.3
comparing /home/sftproot/lib64/libcrypt.so.1 and /lib64/libcrypt.so.1
testing file permissions for /home/sftproot/lib64/libcrypt.so.1
comparing /home/sftproot/lib64/libutil-2.12.so and /lib64/libutil-2.12.so
testing file permissions for /home/sftproot/lib64/libutil-2.12.so
comparing /home/sftproot/lib64/ld-2.12.so and /lib64/ld-2.12.so
testing file permissions for /home/sftproot/lib64/ld-2.12.so
comparing /home/sftproot/lib64/libkeyutils.so.1.3 and
/lib64/libkeyutils.so.1.3
testing file permissions for /home/sftproot/lib64/libkeyutils.so.1.3
comparing /home/sftproot/lib64/libk5crypto.so.3.1 and
/lib64/libk5crypto.so.3.1
testing file permissions for /home/sftproot/lib64/libk5crypto.so.3.1
comparing /home/sftproot/lib64/libnss_nisplus.so.2 and
/lib64/libnss_nisplus.so.2
testing file permissions for /home/sftproot/lib64/libnss_nisplus.so.2
comparing /home/sftproot/lib64/libnsl.so.1 and /lib64/libnsl.so.1
testing file permissions for /home/sftproot/lib64/libnsl.so.1
comparing /home/sftproot/lib64/libresolv-2.12.so and
/lib64/libresolv-2.12.so
testing file permissions for /home/sftproot/lib64/libresolv-2.12.so
comparing /home/sftproot/lib64/libattr.so.1 and /lib64/libattr.so.1
testing file permissions for /home/sftproot/lib64/libattr.so.1
comparing /home/sftproot/lib64/libplc4.so and /lib64/libplc4.so
testing file permissions for /home/sftproot/lib64/libplc4.so
comparing /home/sftproot/lib64/libk5crypto.so.3 and /lib64/libk5crypto.so.3
testing file permissions for /home/sftproot/lib64/libk5crypto.so.3
comparing /home/sftproot/lib64/libnss_compat.so.2 and
/lib64/libnss_compat.so.2
testing file permissions for /home/sftproot/lib64/libnss_compat.so.2
comparing /home/sftproot/lib64/libselinux.so.1 and /lib64/libselinux.so.1
testing file permissions for /home/sftproot/lib64/libselinux.so.1
comparing /home/sftproot/lib64/libnss_nis-2.12.so and
/lib64/libnss_nis-2.12.so
testing file permissions for /home/sftproot/lib64/libnss_nis-2.12.so
ignoring entry for user root in jail/etc/passwd
comparing jailed user test00 with the real user
comparing jailed user test11 with the real user
Am 05.02.2011 11:12, schrieb tiri:
Hi Olivier,
so I changed PREFIX to EXEPREFIX in line 214.
But I get following error:
$ jk_check -v -c /etc/jailkit/jk_check.ini /home/sftproot
/usr/sbin/jk_check:38: DeprecationWarning: the md5 module is deprecated;
use hashlib instead
import md5
Traceback (most recent call last):
File "/usr/sbin/jk_check", line 289, in <module>
main()
File "/usr/sbin/jk_check", line 286, in main
activateConfig(configfile, verbose)
File "/usr/sbin/jk_check", line 235, in activateConfig
jails = testrealpasswd()
File "/usr/sbin/jk_check", line 215, in testrealpasswd
if (rpw[6].trim() != chrootsh):
AttributeError: 'str' object has no attribute 'trim'
My jk_check.ini looks like:
#/etc/jailkit/jk_check.ini
[/home/sftproot]
# jk_check does not run any tests in this directory (useful for proc
filesystem)
# be careful!! there is I repeat NO SINGLE TEST in this directory
#ignorepatheverywhere =
# jk_check compares files if they are equal to their counterparts in the
real system,
# using md5sum(). In the specified directories it will not test if files
are equal
# it will still test for world writable directories and setuid files
ignorepathoncompare = /home/sftproot/home, /home/sftproot/etc
# jk_check tests directory permissions, if you deliberately made some
directories writable
# for group or others, or you don't care, specify them here
ignorewritableforgroup = /home/sftproot/home
ignorewritableforothers = /home/sftproot/home/tmp
# jk_check tests for setuid root and setgid root files
# if you deliberately have such files specify them here
#ignoresetuidexecuteforuser = /home/testchroot/usr/bin/smbmnt,
/home/testchroot/usr/bin/smbumount
#ignoresetuidexecuteforgroup = /home/testchroot/usr/bin/smbmnt,
/home/testchroot/usr/bin/smbumount
#ignoresetuidexecuteforothers =
Best regards for your help.
Thomas.
Btw- how can I get cvs version for fix?
Am 05.02.2011 09:21, schrieb Olivier Sessink:
this is already fixed in cvs, but not yet released. PREFIX should be
EXEPREFIX.
Olivier
On 02/04/2011 11:35 PM, tiri wrote:
Hello list,
currently I use 2.13 and are getting following error when starting
$ jk_check -v -c /etc/jailkit/jk_check.ini /home/sftproot
/usr/sbin/jk_check:38: DeprecationWarning: the md5 module is deprecated;
use hashlib instead
import md5
Traceback (most recent call last):
File "/usr/sbin/jk_check", line 289, in<module>
main()
File "/usr/sbin/jk_check", line 286, in main
activateConfig(configfile, verbose)
File "/usr/sbin/jk_check", line 235, in activateConfig
jails = testrealpasswd()
File "/usr/sbin/jk_check", line 214, in testrealpasswd
chrootsh = os.path.join(PREFIX, '/sbin/jk_chrootsh')
NameError: global name 'PREFIX' is not defined
Even if I add PREFIX='/usr' to get chrootsh found, it does not work
(here with modified jk_check).
$ jk_check -v -c /etc/jailkit/jk_check.ini /home/sftproot
/usr/sbin/jk_check:38: DeprecationWarning: the md5 module is deprecated;
use hashlib instead
import md5
Traceback (most recent call last):
File "/usr/sbin/jk_check", line 290, in<module>
main()
File "/usr/sbin/jk_check", line 287, in main
activateConfig(configfile, verbose)
File "/usr/sbin/jk_check", line 236, in activateConfig
jails = testrealpasswd()
File "/usr/sbin/jk_check", line 216, in testrealpasswd
if (rpw[6].trim() != chrootsh):
AttributeError: 'str' object has no attribute 'trim'
Operating System is RHEL6 x86_64.
Any help is appreciated.
Best regards,
Thomas