Security

App cert validation: Do I need to remove the write permissions for all users across all files in the error message?

prpatel322141
New Member

Who are the xx2, xx6, xx7 users? Are they specific users or examples of users, say x, y, z? According to the error given below, do I need to remove write permissions completely for all files for all users?

  { [-] 
         category:   app_cert_validation    
         description:    Check that no files have *nix write permissions for all users  (xx2, xx6, xx7). Splunk recommends 644 for all app files outside of the  bin/ directory, 644 for scripts within the bin/ directory that are  invoked using an interpreter (e.g. python my_script.py or  sh my_script.sh), and 755 for scripts within the bin/ directory that are  invoked directly (e.g. ./my_script.sh or ./my_script)..   
         ext_data:  {   [+] 
        }   
         message_id:     7004   
         messages:   [{"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README.txt"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: app.manifest"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/alert_eaglesms.png"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/alerticon.png"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/common.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/bootstrap-enterprise.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/configuration.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/inputs.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. 
File: appserver/static/js/build/inputs_page.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/globalConfig.json"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/configuration_page.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/common.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/1.1.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/img/loading.gif"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/img/loading-24.gif"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/templates/base.html"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README/ta_smseagle_settings.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. 
File: README/addon_builder.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README/alert_actions.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/web.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/props.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/app.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/ta_smseagle_settings.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/addon_builder.conf"}, {"filename": "db.py", "line": 40, "result": "warning", "code": "in reporter.report_records(max_records=max_messages)]", "message": "Suppressed 1040 failure messages"}]    
         rule_name:  Validate app certification 
         severity:   Fatal  
         solution:   There are multiple errors for this check. Please check "messages" for details. 
         status:     Fail   
         sub_category:   Source code and binaries standards 
         ta_name:    TA-X   
         validation_id:  v_1525882069_95    
         validation_time:    1525882384 
    }
0 Karma
1 Solution

gjanders
SplunkTrust

Who are xx2, xx6, xx7 users?

They are not users, I believe it would be a reference to Unix permissions where:
7 = read, write & execute
2 = write
6 = read and write

The message is to advise you that you cannot have any permissions in numeric format that end in 2 or 6 or 7 as the last digit.
In other words, you cannot have write for all users for certification purposes...
An:

ls -lR

will show you where the permissions are set this way, or you could just:

find <yourdirectory> -type f -exec chmod 644 '{}' \;
find <yourdirectory> -type d -exec chmod 755 '{}' \;

And then you would need to chmod 755 for files inside the bin directory if you have any...
You could also restrict those permissions further if required...

0 Karma

xpac
SplunkTrust

Just to add - the three digits refer (in this order) to the user a file belongs to, to the group a file belongs to, and to world (all users).
Splunk complains because they're "world-writable", meaning anybody could change them, which is a potential security issue. Therefore, follow the advice above 🙂

0 Karma

prpatel322141
New Member

Do you all mean that I have to install a Unix operating system in VirtualBox, and that applying the appropriate permissions to the mentioned files and then validating and repackaging the add-on will resolve this issue?
Note: I am using the Windows 10 operating system.

0 Karma

gjanders
SplunkTrust

@prpatel322141 yes, the Unix permissions are what matters here if you are using tar/gzip inside the VM.
If you are packaging outside the VM on Windows then the tool you are using might matter instead...

I used to use cygwin to get the permissions correct as setting permissions in the Windows OS is difficult!
A quick search advised that 7zip probably won't let you set permissions, in fact most Windows-based tools will not as these are not Windows based permissions.

0 Karma

xpac
SplunkTrust

Depending on the compression tool you use (7-zip, WinRAR, etc) you might be able to set those permissions in the tar.gz file directly - you could check that.

0 Karma
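
An added example, not part of the original thread and not Splunk's own tooling: a Python sketch that lists world-writable entries in a packaged app and rewrites the modes inside the .tar.gz itself, which is the approach suggested above for packaging on Windows. The archive layout, the `bin/run.sh` script and the `direct_exec` parameter are assumptions made for illustration; the 644/755 targets follow the recommendation quoted in the error description.

```python
import io
import tarfile

WORLD_WRITE = 0o002  # the "other" write bit: last octal digit 2, 6 or 7

def world_writable(tar_bytes):
    """Names of archive members that any user could write to."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if m.mode & WORLD_WRITE]

def normalize(tar_bytes, direct_exec=()):
    """Return a new .tar.gz: dirs 755, files 644, paths in direct_exec 755."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for m in src.getmembers():
            if m.isdir():
                m.mode = 0o755
            elif m.isfile():
                m.mode = 0o755 if m.name in direct_exec else 0o644
            # Modes are stored in the tar header, independent of the host OS.
            dst.addfile(m, src.extractfile(m) if m.isfile() else None)
    return out.getvalue()

def modes(tar_bytes):
    """Map member name -> octal mode string, for inspection."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        return {m.name: oct(m.mode & 0o777) for m in tar.getmembers()}

def build_sample():
    """Constructed package in which every entry is world-writable."""
    entries = [("TA-X", None, 0o777), ("TA-X/README.txt", b"readme\n", 0o666),
               ("TA-X/default/app.conf", b"[ui]\n", 0o777),
               ("TA-X/bin/run.sh", b"#!/bin/sh\n", 0o777)]  # hypothetical script
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        for name, data, mode in entries:
            ti = tarfile.TarInfo(name)
            ti.mode = mode
            if data is None:
                ti.type = tarfile.DIRTYPE
            else:
                ti.size = len(data)
            tar.addfile(ti, io.BytesIO(data) if data is not None else None)
    return out.getvalue()

if __name__ == "__main__":
    pkg = build_sample()
    print("before:", world_writable(pkg))
    fixed = normalize(pkg, direct_exec={"TA-X/bin/run.sh"})
    print("after: ", world_writable(fixed), modes(fixed))
```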