(imported topic written by martinc)
I was about to start looking at creating an analysis to detect this, but from what I can see, it looks like I am going to have to create a fixlet to execute and then retrieve the contents. This link has information on the detection:
I see that in the doc it suggests the following two items that I could check for.
-
grep -r open_tty /usr/local/apache/
-
chattr -ai /usr/local/apache/bin/httpd
The first one is not an issue, but I cannot seem to find a method to get the second.
There is also a python script that can be executed (can be found at:
), but i was trying to avoid running scripts.
Thanks
Martin