lynis icon indicating copy to clipboard operation
lynis copied to clipboard

Published 20 hours ago verified publisher icon CISOfy

Apache: Configurations with Aliases not detected as vhosts

Open ghost opened this issue 2 years ago • 2 comments

Describe the bug Lynis didn't find any virtual hosts, but I actually have some

Version

  • Distribution: openSUSE Tumbleweed
  • Lynis version 3.0.6

Expected behavior virtual hosts are detected

Output

[+] Software: webserver
------------------------------------
  - Checking Apache (binary /usr/sbin/httpd)                  [ FOUND ]
      Info: Configuration file found (/etc/apache2/httpd.conf)
      Info: No virtual hosts found

The log mentions them however:

2021-08-02 09:03:18 ====
2021-08-02 09:03:18 Performing test ID HTTP-6626 (Testing other Apache configuration file)
2021-08-02 09:03:18 Apache config file: /etc/apache2/conf.d/api-apache.conf
2021-08-02 09:03:18 Test: check if we can access /etc/apache2/conf.d/api-apache.conf (escaped: /etc/apache2/conf.d/api-apache.conf)
2021-08-02 09:03:18 Result: file is owned by our current user ID (0), checking if it is readable
2021-08-02 09:03:18 Result: file /etc/apache2/conf.d/api-apache.conf is readable (or directory accessible).
...
2021-08-02 09:03:19 Test: check if we can access /etc/apache2/vhosts.d/intelmq-api.conf (escaped: /etc/apache2/vhosts.d/intelmq-api.conf)
2021-08-02 09:03:19 Action: checking symlink for file /etc/apache2/vhosts.d/intelmq-api.conf
2021-08-02 09:03:19 Note: Using real readlink binary to determine symlink on /etc/apache2/vhosts.d/intelmq-api.conf
2021-08-02 09:03:19 Result: readlink shows /etc/intelmq/api-apache.conf as output
2021-08-02 09:03:19 Result: symlink found, pointing to file /etc/intelmq/api-apache.conf
2021-08-02 09:03:19 Result: file is not owned by current user ID (0), but UID 458
2021-08-02 09:03:19 Result: file /etc/intelmq/api-apache.conf is readable (or directory accessible).
2021-08-02 09:03:19 Apache config file: /etc/apache2/vhosts.d/manager-apache.conf
2021-08-02 09:03:19 Test: check if we can access /etc/apache2/vhosts.d/manager-apache.conf (escaped: /etc/apache2/vhosts.d/manager-apache.conf)
2021-08-02 09:03:19 Result: file is owned by our current user ID (0), checking if it is readable
2021-08-02 09:03:19 Result: file /etc/apache2/vhosts.d/manager-apache.conf is readable (or directory accessible).
2021-08-02 09:03:19 Result: found 0 virtual hosts
2021-08-02 09:03:19 ====

Additional context

# ls /etc/apache2/vhosts.d/
intelmq-api.conf  manager-apache.conf  vhost-ssl.template  vhost.template

ghost avatar Aug 02 '21 07:08 ghost

Can you show the actual definitions of the virtual host? Looks like the files are readable, but the entries are not correctly parsed.

mboelen avatar Aug 02 '21 14:08 mboelen

Here: https://github.com/certtools/intelmq-api/blob/develop/contrib/api-apache.conf https://github.com/certtools/intelmq-manager/blob/develop/contrib/manager-apache.conf

They are not fixed on domains/ports, but just provide Aliases. Maybe this is the reason that the files are not detected?

ghost avatar Aug 02 '21 15:08 ghost