More security-audit checks.
Commit
4253b1de6b36188d49e6e11196c6530868445797b42e22b6051c71ef2e629277
Parent
3d6cf6a7226c740…
1 file changed
+32
-2
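--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -44,10 +44,11 @@
 void secaudit0_page(void){
 const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
 const char *zPubPages; /* GLOB pattern for public pages */
 char *z;
 int n;
+double r;
 
 login_check_credentials();
 if( !g.perm.Setup && !g.perm.Admin ){
 login_needed(0);
 return;
@@ -76,12 +77,12 @@
 @ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
 @ or by removing the "y" permission from users "anonymous" and
 @ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
 }else if( hasAnyCap(zAnonCap,"goz") ){
 @ <li><p>This repository is <big><b>PUBLIC</b></big>. All
-@ checked-in content can be accessed by anonymous passers-by on the
-@ internet. <a href="takeitprivate">Take it private</a>.<p>
+@ checked-in content can be accessed by anonymous users.
+@ <a href="takeitprivate">Take it private</a>.<p>
 }else if( !hasAnyCap(zAnonCap, "jry") && (zPubPages==0 || zPubPages[0]==0) ){
 @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>.
 @ A valid login and password is required to access any content.
 }else{
 @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
@@ -243,10 +244,39 @@
 @ <li><p>
 @ The <a href="admin_log">Administrative Log</a> is disabled.
 @ The administrative log provides a record of configuration changes
 @ and is useful for security monitoring.
 }
+
+#if !defined(_WIN32) && !defined(FOSSIL_OMIT_LOAD_AVERAGE)
+/* Make sure that the load-average limiter is armed and working */
+if( load_average()==0.0 ){
+@ <li><p>
+@ Unable to get the system load average. This can prevent Fossil
+@ from throttling expensive operations during peak demand.
+@ <p>If running in a chroot jail on Linux, verify that the /proc
+@ filesystem is mounted within the jail, so that the load average
+@ can be obtained from the /proc/loadavg file.
+}else {
+double r = atof(db_get("max-loadavg", "0"));
+if( r<=0.0 ){
+@ <li><p>
+@ Load average limiting is turned off. This can cause the server
+@ to bog down if many requests for expensive services (such as
+@ large diffs or tarballs) arrive at about the same time.
+@ <p>To fix this, set the "Server Load Average Limit" on the
+@ <a href="setup_access">Access Control</a> page to approximately
+@ the number of available cores on your server, or maybe just a little
+@ less.
+}else if( r>=8.0 ){
+@ <li><p>
+@ The "Server Load Average Limit" on the
+@ <a href="setup_access">Access Control</a> page is set to %g(r),
+@ which seems high. Is this server really a %d((int)r)-core machine?
+}
+}
+#endif
 
 
 @ </ol>
 style_footer();
 }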
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -44,10 +44,11 @@ | |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | char *z; |
| 48 | int n; |
| 49 | |
| 50 | login_check_credentials(); |
| 51 | if( !g.perm.Setup && !g.perm.Admin ){ |
| 52 | login_needed(0); |
| 53 | return; |
| @@ -76,12 +77,12 @@ | |
| 76 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 77 | @ or by removing the "y" permission from users "anonymous" and |
| 78 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 79 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 80 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 81 | @ checked-in content can be accessed by anonymous passers-by on the |
| 82 | @ internet. <a href="takeitprivate">Take it private</a>.<p> |
| 83 | }else if( !hasAnyCap(zAnonCap, "jry") && (zPubPages==0 || zPubPages[0]==0) ){ |
| 84 | @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>. |
| 85 | @ A valid login and password is required to access any content. |
| 86 | }else{ |
| 87 | @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>. |
| @@ -243,10 +244,39 @@ | |
| 243 | @ <li><p> |
| 244 | @ The <a href="admin_log">Administrative Log</a> is disabled. |
| 245 | @ The administrative log provides a record of configuration changes |
| 246 | @ and is useful for security monitoring. |
| 247 | } |
| 248 | |
| 249 | |
| 250 | @ </ol> |
| 251 | style_footer(); |
| 252 | } |
| 253 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -44,10 +44,11 @@ | |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | char *z; |
| 48 | int n; |
| 49 | double r; |
| 50 | |
| 51 | login_check_credentials(); |
| 52 | if( !g.perm.Setup && !g.perm.Admin ){ |
| 53 | login_needed(0); |
| 54 | return; |
| @@ -76,12 +77,12 @@ | |
| 77 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 78 | @ or by removing the "y" permission from users "anonymous" and |
| 79 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 80 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 81 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 82 | @ checked-in content can be accessed by anonymous users. |
| 83 | @ <a href="takeitprivate">Take it private</a>.<p> |
| 84 | }else if( !hasAnyCap(zAnonCap, "jry") && (zPubPages==0 || zPubPages[0]==0) ){ |
| 85 | @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>. |
| 86 | @ A valid login and password is required to access any content. |
| 87 | }else{ |
| 88 | @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>. |
| @@ -243,10 +244,39 @@ | |
| 244 | @ <li><p> |
| 245 | @ The <a href="admin_log">Administrative Log</a> is disabled. |
| 246 | @ The administrative log provides a record of configuration changes |
| 247 | @ and is useful for security monitoring. |
| 248 | } |
| 249 | |
| 250 | #if !defined(_WIN32) && !defined(FOSSIL_OMIT_LOAD_AVERAGE) |
| 251 | /* Make sure that the load-average limiter is armed and working */ |
| 252 | if( load_average()==0.0 ){ |
| 253 | @ <li><p> |
| 254 | @ Unable to get the system load average. This can prevent Fossil |
| 255 | @ from throttling expensive operations during peak demand. |
| 256 | @ <p>If running in a chroot jail on Linux, verify that the /proc |
| 257 | @ filesystem is mounted within the jail, so that the load average |
| 258 | @ can be obtained from the /proc/loadavg file. |
| 259 | }else { |
| 260 | double r = atof(db_get("max-loadavg", "0")); |
| 261 | if( r<=0.0 ){ |
| 262 | @ <li><p> |
| 263 | @ Load average limiting is turned off. This can cause the server |
| 264 | @ to bog down if many requests for expensive services (such as |
| 265 | @ large diffs or tarballs) arrive at about the same time. |
| 266 | @ <p>To fix this, set the "Server Load Average Limit" on the |
| 267 | @ <a href="setup_access">Access Control</a> page to approximately |
| 268 | @ the number of available cores on your server, or maybe just a little |
| 269 | @ less. |
| 270 | }else if( r>=8.0 ){ |
| 271 | @ <li><p> |
| 272 | @ The "Server Load Average Limit" on the |
| 273 | @ <a href="setup_access">Access Control</a> page is set to %g(r), |
| 274 | @ which seems high. Is this server really a %d((int)r)-core machine? |
| 275 | } |
| 276 | } |
| 277 | #endif |
| 278 | |
| 279 | |
| 280 | @ </ol> |
| 281 | style_footer(); |
| 282 | } |
| 283 |