Security

App cert validation: Do I need to remove the write permissions for all users across all files in the error message?

prpatel322141
New Member

Who are the xx2, xx6, xx7 users? Are they specific users or examples of users, say x, y, z? According to the error below, do I need to remove write permissions for all files completely for all users?

  {
         category:   app_cert_validation
         description:    Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script).
         ext_data:  { }
         message_id:     7004
         messages:   [{"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README.txt"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: app.manifest"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/alert_eaglesms.png"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/alerticon.png"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/common.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/bootstrap-enterprise.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/configuration.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/css/inputs.css"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. 
File: appserver/static/js/build/inputs_page.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/globalConfig.json"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/configuration_page.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/common.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/js/build/1.1.js"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/img/loading.gif"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/static/img/loading-24.gif"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: appserver/templates/base.html"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README/ta_smseagle_settings.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. 
File: README/addon_builder.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: README/alert_actions.conf.spec"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/web.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/props.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/app.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/ta_smseagle_settings.conf"}, {"filename": "check_source_and_binaries.py", "line": 181, "result": "failure", "code": "reporter.fail(reporter_output)", "message": "A world-writable file was found. File: default/addon_builder.conf"}, {"filename": "db.py", "line": 40, "result": "warning", "code": "in reporter.report_records(max_records=max_messages)]", "message": "Suppressed 1040 failure messages"}]    
         rule_name:  Validate app certification 
         severity:   Fatal  
         solution:   There are multiple errors for this check. Please check "messages" for details. 
         status:     Fail   
         sub_category:   Source code and binaries standards 
         ta_name:    TA-X   
         validation_id:  v_1525882069_95    
         validation_time:    1525882384 
    }
0 Karma
1 Solution

gjanders
SplunkTrust
SplunkTrust

Who are xx2, xx6, xx7 users?

They are not users; I believe it is a reference to Unix permissions, where:
7 = read, write & execute
2 = write
6 = read and write

The message is to advise you that you cannot have any permissions in numeric format that end in 2 or 6 or 7 as the last digit.
In other words, you cannot have write for all users for certification purposes...
An:

ls -lR

Will show you where the permissions are set this way, or you could just:

find <yourdirectory> -type f -exec chmod 644 '{}' \;
find <yourdirectory> -type d -exec chmod 755 '{}' \;

And then you would need to chmod 755 for files inside the bin directory if you have any...
You could also restrict those permissions further if required...

0 Karma

xpac
SplunkTrust
SplunkTrust

Just to add - the three digits refer (in this order) to the user a file belongs to, to the group a file belongs to, and to world (all users).
Splunk complains because they're "world-writable", meaning anybody could change them, which is a potential security issue. Therefore, follow the advice above 🙂

0 Karma

prpatel322141
New Member

Do you all mean that I have to install a Unix operating system in a VirtualBox VM, and that applying the appropriate permissions to the mentioned files and then validating and repackaging the add-on will resolve this issue?
Note: I am using the Windows 10 operating system.

0 Karma

gjanders
SplunkTrust
SplunkTrust

@prpatel322141 yes, the Unix permissions are what matter here if you are using tar/gzip inside the VM.
If you are packaging outside the VM on Windows, then the tool you are using might matter instead...

I used to use cygwin to get the permissions correct, as setting permissions in the Windows OS is difficult!
A quick search advised that 7zip probably won't let you set permissions; in fact most Windows-based tools will not, as these are not Windows-based permissions.

0 Karma

xpac
SplunkTrust
SplunkTrust

Depending on the compression tool you use (7-zip, WinRAR, etc) you might be able to set those permissions in the tar.gz file directly - you could check that.

0 Karma
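As an added example (not code from the thread and not Splunk's own check_source_and_binaries.py), the following Python replays the world-writable test over a packaged app and builds the tar.gz with explicit Unix modes from any host OS, which is the packaging problem discussed above for Windows; the sample files, the TA-X app name and the shebang heuristic for "invoked directly" are assumptions.

```python
import io
import stat
import tarfile

# Constructed sample app content (not from the thread): one file of each kind.
SAMPLE_FILES = {
    "README.txt": b"SMSEagle alert action for Splunk\n",
    "default/app.conf": b"[launcher]\nversion = 1.0.0\n",
    "bin/run.sh": b"#!/bin/sh\necho hello\n",   # shebang => meant to be run directly
}

def recommended_mode(relpath, has_shebang=False):
    """Mode per the check text: 644 outside bin/, 644 for interpreter-run bin/ scripts,
    755 for bin/ scripts run directly (the shebang heuristic is this example's assumption)."""
    if relpath.startswith("bin/") and has_shebang:
        return 0o755
    return 0o644

def is_world_writable(mode):
    """True when the 'others' write bit is set (last octal digit 2, 3, 6 or 7)."""
    return bool(mode & stat.S_IWOTH)

def build_app_tar(app, files, modes=None):
    """Package {relpath: bytes} as <app>/... in a tar.gz with explicit Unix modes,
    independent of the host OS; `modes` overrides per-file modes (used to build a bad package)."""
    modes = modes or {}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for rel, data in files.items():
            info = tarfile.TarInfo(f"{app}/{rel}")
            info.size = len(data)
            info.mode = modes.get(rel, recommended_mode(rel, data.startswith(b"#!")))
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def audit_tar(tar_bytes):
    """Replay check 7004 over a packaged app: return (member, mode, recommended)
    for every regular file whose mode has the world-write bit set."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tf:
        for m in tf.getmembers():
            if not m.isfile():
                continue
            mode = m.mode & 0o777
            if is_world_writable(mode):
                rel = m.name.split("/", 1)[-1]          # strip the leading app directory
                head = tf.extractfile(m).read(2)        # shebang sniff for the bin/ rule
                findings.append((m.name, mode, recommended_mode(rel, head == b"#!")))
    return findings
```

Running `audit_tar` over a package built with `modes={"README.txt": 0o666}` reports that file with its recommended 644, while a package built from `build_app_tar` without overrides audits clean.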