Module: check_mk
Branch: master
Commit: 0592efb0acc3259072d5949a019f6ae5079f4883
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0592efb0acc325…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri May 25 10:47:14 2018 +0200
6107 SEC Agent bakery signing key passphrases could be visible in access logs
When you are using the agent bakery for creating and distributing your
monitoring agents it is likely that this change is relevant for you.
In some parts of the GUI, when working with agent signing keys, it could happen
that the signing key secret you enter could be written to the apache access log
of your Check_MK server. This means that it may be visible to all local system
users (e.g. users with access to the command line).
This affects the access log of the system apache (normally located at
/var/log/apache2) and the access log (/omd/sites/[site]/var/log/apache/*) of
the sites apache (master site in distributed setups).
You may want to scan the log files for the string "key_p_passphrase" to check
whether or not you are affected. It can be done e.g. with:
zgrep key_p_passphrase /var/log/apache2/access* /omd/sites/*/var/log/apache/access*
In case you find something, you should clean it up. Delete the file or remove
the secrets from that file.
Even if it's unlikely that your key has been compromised, it is recommended to
stop using this signing key. Create a new key and proceed with this one.
Change-Id: I2d7ab495596a24baeabf601c9b327b1757c1d106
---
.werks/6107 | 35 +++++++++++++++++++++++++++++++++++
web/htdocs/key_mgmt.py | 5 +++++
2 files changed, 40 insertions(+)
diff --git a/.werks/6107 b/.werks/6107
new file mode 100644
index 0000000..75dbc96
--- /dev/null
+++ b/.werks/6107
@@ -0,0 +1,35 @@
+Title: Agent bakery signing key passphrases could be visible in access logs
+Level: 2
+Component: wato
+Class: security
+Compatible: compat
+Edition: cee
+State: unknown
+Version: 1.6.0i1
+Date: 1526765180
+
+When you are using the agent bakery for creating and distributing your
+monitoring agents it is likely that this change is relevant for you.
+
+In some parts of the GUI, after entering the passphrase of the agent signing
+keys, it could happen that the signing key passphrase you enter is written to
+the apache access log of your Check_MK server. As a result it may be visible in
+clear text to local system users (e.g. users with access to the command line)
+which scan the logs for it.
+
+This affects the access log of the system apache (normally located at
+/var/log/apache2) and the access log (/omd/sites/[site]/var/log/apache/*) of
+the sites apache (master site in distributed setups).
+
+You may want to scan the log files for the string "key_p_passphrase" to check
+whether or not you are affected. It can be done e.g. with:
+
+zgrep key_p_passphrase /var/log/apache2/access*
+/omd/sites/*/var/log/apache/access*
+
+In case you find something, you should clean it up. Delete the file or remove
+the secrets from that file.
+
+Even when it seems unlikely that your key has been compromised, it is
+recommended to stop using this signing key. Create a new key and proceed with
+this one.
diff --git a/web/htdocs/key_mgmt.py b/web/htdocs/key_mgmt.py
index d233225..c19bc67 100644
--- a/web/htdocs/key_mgmt.py
+++ b/web/htdocs/key_mgmt.py
@@ -203,6 +203,10 @@ class PageEditKey(object):
def action(self):
if html.check_transaction():
value = self._vs_key().from_html_vars("key")
+ # Remove the secret key from known URL vars. Otherwise later constructed
URLs
+ # which use the current page context will contain the passphrase which could
+ # leak the secret information
+ html.del_var("key_p_passphrase")
self._vs_key().validate_value(value, "key")
self._create_key(value)
return self.back_mode
@@ -291,6 +295,7 @@ class PageUploadKey(object):
def action(self):
if html.check_transaction():
value = self._vs_key().from_html_vars("key")
+ html.del_var("key_p_passphrase")
self._vs_key().validate_value(value, "key")
key_file = self._get_uploaded(value, "key_file")