[clamav-users] Freshclam Proxy Password
Matus UHLAR - fantomas
uhlar at fantomas.sk
Wed Feb 15 11:39:48 UTC 2023
On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:
>Freshclam Proxy Password is stored as plain text in Freshclam.conf file.
>
>HTTPProxyPassword myownpassword
>
>Any user is able to read that password.
>Is there a chance to store that password encrypted or in another place?
It should be safe to set permissions to freshclam.conf only to be readable
for owner, maybe group, dependending on your system:
-r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
% ps axuww | grep resh
clamav 2646 0.0 0.0 66864 6380 ? Ss Jan30 0:19 /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf --pid=/run/clamav/freshclam.pid
Here, permissions 0400 would be enough.
debian (and so I guess ubuntu) seems to do that automatically if password
is set:
if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
# Tighten the permissions up if it contains a password
if [ -n "$ppass" ]; then
chmod 400 $FRESHCLAMCONFFILE
else
chmod 444 $FRESHCLAMCONFFILE
fi
chown "$dbowner":adm $FRESHCLAMCONFFILE
fi
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
More information about the clamav-users
mailing list