File Permissions

In addition to archive uploads, the On-Premises version of RIPS can also scan directories. The target source code has to be copied to the source directory of RIPS (by default /var/rips3/src). This directory is shared with RIPS and mounted at /src.

Permissions

To scan an application, all files and directories that contain source code have to be writable by user ID 33, by group ID 33, or by everyone. All files have to be world-readable. The user and group IDs are both fixed and cannot be changed. A user with these IDs does not have to exist on the system.

Security

For security reasons, we recommend making the data directory of RIPS (by default /var/rips3) accessible only to the root user.


Example
root@rips:~$ chown root:root /var/rips3
root@rips:~$ chmod 750 /var/rips3
root@rips:~$ ls -lan /var/rips3/src
total 192
drwxr-xr-x 48  33  33 4096 May  3 10:06 .            # valid
drwxr-x---  5  0   0  4096 Apr 16 17:45 ..           # valid and secure
drwxr-xr-x  3  33  0  4096 May  4 12:04 DVWA_1.9     # valid
dr-xrwxr-x  3  0   33 4096 May  4 12:04 DVWA_1.8     # valid
d------rwx  3  0   0  4096 May  4 12:04 DVWA_1.7     # valid
drwxr-x---  3  0   0  4096 May  4 12:04 DVWA_1.6     # invalid

root@rips:~$ chown -R 33:33 /var/rips3/src/DVWA_1.6

To start a scan, use either the path DVWA_1.9 or /src/DVWA_1.9.
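
To check a whole tree against the permission rule before starting a scan, the following script can be used. It is an added example, not part of RIPS; the function names rips_perm_ok and rips_audit are hypothetical, it assumes "all files" means regular files, and it needs stat -c from GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a source tree against the RIPS permission rule.
RIPS_ID=33   # fixed uid and gid stated in the documentation

# rips_perm_ok UID GID MODE TYPE
#   MODE: octal permission bits (e.g. 755); TYPE: d for directory, f for file.
#   Returns 0 if the entry is writable by uid 33, gid 33 or everyone
#   (and, for a regular file, world-readable); returns 1 otherwise.
rips_perm_ok() {
    _u=$1; _g=$2; _m=$((0$3)); _t=$4; _ok=1
    if [ "$_u" -eq "$RIPS_ID" ] && [ $((_m & 0200)) -ne 0 ]; then _ok=0; fi
    if [ "$_g" -eq "$RIPS_ID" ] && [ $((_m & 0020)) -ne 0 ]; then _ok=0; fi
    if [ $((_m & 0002)) -ne 0 ]; then _ok=0; fi
    # Assumption: "all files" means regular files, not directories.
    if [ "$_t" = f ] && [ $((_m & 0004)) -eq 0 ]; then _ok=1; fi
    return "$_ok"
}

# rips_audit DIR
#   Prints one line per file or directory under DIR that fails the rule.
#   Returns 0 if everything passes, 1 otherwise.
rips_audit() {
    _bad=$(find "$1" \( -type f -o -type d \) -exec stat -c '%u %g %a %n' {} + |
        while read -r u g m p; do
            t=f; if [ -d "$p" ]; then t=d; fi
            rips_perm_ok "$u" "$g" "$m" "$t" ||
                printf 'invalid: %s %s:%s %s\n' "$m" "$u" "$g" "$p"
        done)
    if [ -n "$_bad" ]; then printf '%s\n' "$_bad"; return 1; fi
    return 0
}

# When called with a directory argument, audit it and exit with the result.
if [ "$#" -gt 0 ]; then rips_audit "$1"; exit $?; fi
```

Each reported line shows the octal mode, the numeric owner and group, and the path, so it can be compared directly with the ls -lan listing above.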