diff --git a/src/admin.c b/src/admin.c
index f106c0e3..92d6e2f6 100644
--- a/src/admin.c
+++ b/src/admin.c
@@ -1783,6 +1783,30 @@ static void command_dashboard (client_t *client, source_t *source, adm
 if (config->config_problems & CONFIG_PROBLEM_VALIDATION) __reportxml_add_maintenance(reportnode, config->reportxml_db, "8fc33086-274d-4ccb-b32f-599b3fa0f41a", "error", "The configuration did not validate. See the error.log for details and update your configuration accordingly.", NULL);
+ if (config->chroot) {
+#if HAVE_CHROOT
+ if (global.chroot_succeeded) {
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "6830cbf7-cd68-4c0c-ab5a-81499c70fd34", "info", "chroot configured and active.", NULL);
+ } else {
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "2d584a76-e67c-4268-b7e8-139b0b9b1131", "error", "chroot configured but failed.", NULL);
+ }
+#else
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "1a3fea5c-3352-4cb5-85cc-51ab9bd6ea83", "error", "chroot configured but not supported by operating system.", NULL);
+#endif
+ }
+
+ if(config->chuid) {
+#if HAVE_SETUID
+ if (global.chuid_succeeded) {
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "bab05e81-fd03-4773-9fc5-c4609883a5e3", "info", "Change of UID/GID configured and active.", NULL);
+ } else {
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "4f856dd4-7aac-44b4-95b5-b6798f547603", "error", "Change of UID/GID configured but failed.", NULL);
+ }
+#else
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "afcaa756-b91c-4496-a9e2-44400a18789c", "error", "Change of UID/GID configured but not supported by operating system.", NULL);
+#endif
+ }
+
 if (!has_sources) __reportxml_add_maintenance(reportnode, config->reportxml_db, "f68dd8a3-22b1-4118-aba6-b039f2c5b51e", "info", "Currently no sources are connected to this server.", NULL);
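Review bot: The chroot and UID/GID entries can disagree with the running process after a configuration change, because they compare the current `config->chroot` / `config->chuid` with flags that the main.c part of this commit writes only in `_ch_root_uid_setup()`. If the configuration can be reloaded at runtime (not visible in this hunk), enabling either option after startup would raise the "configured but failed" error although nothing was attempted, and disabling it would hide a drop that is still in effect. A comment above the block such as `/* flags reflect the startup attempt only; config may have changed since */` would record that, or the messages could say that a restart is required. Separately, nothing is reported when `chuid` is not configured and the server runs as root, which is the state an operator most needs to see; a `getuid() == 0` entry under the existing `HAVE_SETUID` guard would cover it. command_dashboard() begins and ends outside the hunk.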
@@ -1802,6 +1826,19 @@ static void command_dashboard (client_t *client, source_t *source, adm
 }
 #endif
+ if (true) {
+ /* A list of environment variables that will normally not be seen in a daemon environment. */
+ static const char * const keys[] = {"DISPLAY", "LS_COLORS", "TERM", "XDG_RUNTIME_DIR"};
+ size_t i;
+
+ for (i = 0; i < (sizeof(keys)/sizeof(*keys)); i++) {
+ if (getenv(keys[i])) {
+ __reportxml_add_maintenance(reportnode, config->reportxml_db, "dc91ce96-f473-41d1-bfff-379666306911", "info", "Environment is noisy.", NULL);
+ break;
+ }
+ }
+ }
+
 reportxml_helper_add_value_health(resource, "status", health);
 reportxml_node_add_child(incident, resource);
diff --git a/src/global.h b/src/global.h
index 6217d9f7..4d141b20 100644
--- a/src/global.h
+++ b/src/global.h
@@ -46,6 +46,11 @@ typedef struct ice_global_tag
 relay_t *master_relays;
 module_container_t *modulecontainer;
+
+
+ /* state */
+ bool chroot_succeeded;
+ bool chuid_succeeded;
 } ice_global_t;
 extern ice_global_t global;
diff --git a/src/main.c b/src/main.c
index e6734e97..90c8dbbf 100644
--- a/src/main.c
+++ b/src/main.c
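Review bot: The maintenance text "Environment is noisy." gives an operator nothing to act on: it names neither the variable that triggered it nor why an interactive-session environment matters for a daemon. A message such as `"Environment contains variables of an interactive session (one of DISPLAY, LS_COLORS, TERM, XDG_RUNTIME_DIR is set)."` would be actionable; if the matching key is ever reported, report the key only and never its value. The `if (true) {` wrapper only opens a scope for `keys` and `i`, so a bare `{ ... }` block or a small static helper would say that directly. command_dashboard() begins and ends outside the hunk.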
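Review bot: The comment `/* state */` does not say who writes `chroot_succeeded` and `chuid_succeeded` or when they may be read. In this commit they are written in `_ch_root_uid_setup()` (src/main.c) and read in `command_dashboard()` (src/admin.c), with no locking visible in either hunk. If that is safe because the setup runs once before any other thread exists, the comment should say so, for example `/* privilege-drop results: written once by _ch_root_uid_setup() at startup, read-only afterwards */`.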
@@ -479,34 +479,36 @@ static void _ch_root_uid_setup(void)
 }
 #endif
+ /* ensure a valid initial state */
+ global.chroot_succeeded = false;
+ global.chuid_succeeded = false;
+
 #if HAVE_CHROOT
- if (conf->chroot)
- {
- if(getuid()) /* root check */
- {
+ if (conf->chroot) {
+ if (getuid()) { /* root check */
 fprintf(stderr, "WARNING: Cannot change server root unless running as root.\n");
 }
- if(chroot(conf->base_dir) == -1 || chdir("/") == -1)
- {
+
+ if(chroot(conf->base_dir) == -1 || chdir("/") == -1) {
 fprintf(stderr,"WARNING: Couldn't change server root: %s\n", strerror(errno));
 return;
- }
- else
+ } else {
 fprintf(stdout, "Changed root successfully to \"%s\".\n", conf->base_dir);
-
+ global.chroot_succeeded = true;
+ }
 }
 #endif
 #if HAVE_SETUID
- if(conf->chuid)
- {
- if(getuid()) /* root check */
- {
+ if(conf->chuid) {
+ if (getuid()) { /* root check */
 fprintf(stderr, "WARNING: Can't change user id unless you are root.\n");
 return;
 }
- if(uid != (uid_t)-1 && gid != (gid_t)-1) {
+ if (uid != (uid_t)-1 && gid != (gid_t)-1) {
+ global.chuid_succeeded = true;
+
 #ifdef HAVE_SETRESGID
 if(!setresgid(gid, gid, gid)) {
 #else
@@ -515,11 +517,15 @@ static void _ch_root_uid_setup(void)
 fprintf(stdout, "Changed groupid to %i.\n", (int)gid);
 } else {
 fprintf(stdout, "Error changing groupid: %s.\n", strerror(errno));
+ global.chuid_succeeded = false;
 }
- if(!initgroups(conf->user, gid))
+ if(!initgroups(conf->user, gid)) {
 fprintf(stdout, "Changed supplementary groups based on user: %s.\n", conf->user);
- else
+ } else {
 fprintf(stdout, "Error changing supplementary groups: %s.\n", strerror(errno));
+ global.chuid_succeeded = false;
+ }
+
 #ifdef HAVE_SETRESUID
 if(!setresuid(uid, uid, uid)) {
 #else
@@ -528,6 +534,7 @@ static void _ch_root_uid_setup(void)
 fprintf(stdout, "Changed userid to %i.\n", (int)uid);
 } else {
 fprintf(stdout, "Error changing userid: %s.\n", strerror(errno));
+ global.chuid_succeeded = false;
 }
 }
 }
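Review bot: `global.chuid_succeeded` is derived from return values only and is set to true before any of the three calls runs, then cleared in the failure branches here and in the `-515` and `-528` hunks, so the dashboard's "configured and active" depends on every failure path remembering to clear it. Checking the resulting credentials after the last call would make the flag trustworthy on both the setres* and the fallback paths: `if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) global.chuid_succeeded = false;`. Each failure branch still only logs to stdout and continues, so a failed drop can leave the server running with some or all of its original privileges, with the dashboard entry as the only signal; whether that should abort startup instead is worth deciding explicitly. `_ch_root_uid_setup()` begins above the first hunk.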