Package: zabbix-server-mysql Version: 1:6.0.14+dfsg-1+b1 Severity: important Tags: security
Dear maintainer, after installing zabbix-server-mysql, I noticed that the configuration file /etc/zabbix/zabbix_server.conf, where one is supposed to configure database credentials, is world-readable by default: > -rw-r--r-- 1 root root 25860 Dec 8 23:38 zabbix_server.conf I have now manually set the group to zabbix and the mode to 0640, which is still sufficient for zabbix to start up. Kind regards, Reiner