13 lines
542 B
Text
13 lines
542 B
Text
Template: nginx/log-symlinks
|
|
Type: note
|
|
_Description: Possible insecure nginx log files
|
|
The following log files under /var/log/nginx directory are symlinks
|
|
owned by www-data:
|
|
.
|
|
${logfiles}
|
|
.
|
|
Since nginx 1.4.4-4 /var/log/nginx was owned by www-data. As a result
|
|
www-data could symlink log files to sensitive locations, which in turn
|
|
could lead to privilege escalation attacks. Although /var/log/nginx
|
|
permissions are now fixed it is possible that such insecure links
|
|
already exist. So, please make sure to check the above locations.
|