• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Security Alert!

A

agbate

Guest
I just noticed this problem today when I was running into an issue with horde not finding the database properly.

It appears that the log file, /var/log/psa-horde.log is owned by apache and not root.

Personally, I find this quite scary considering that log lines such as this are present:

DB Error: extension not found: mysql, , /var/lib/mysql/mysql.sock, unix, localhost, horde, horde, XXXXXXXX, utf8, horde, horde.perms, horde_datatree, horde_datatree_attributes

Where XXXXXXXX is the database password, which if it wasn't changed for user 'horde' is also the password of the admin login for mysql.

Considering the number of phpbb/nuke/mambo exploits that allow users to gain access to user apache, this issue concerns me.

I just thought I'd share this with everyone incase no one noticed. Just another reason to make sure all your scripts are up to date.

Cheers.

Adam.
 
Back
Top