Hi,
I'm receiving errors after the last seccheck update:
/usr/lib/secchk/helper.inc: line 46: guessable_password_email: command not found
sed: can't read blurbs/guessable_passwd.txt: No such file or directory
/usr/lib/secchk/helper.inc: line 49: syntax error near unexpected token `}'
/usr/lib/secchk/helper.inc: line 49: `}'
/usr/lib/secchk/helper.inc: line 46: guessable_password_email: command not found
sed: can't read blurbs/guessable_passwd.txt: No such file or directory
/usr/lib/secchk/helper.inc: line 49: syntax error near unexpected token `}'
/usr/lib/secchk/helper.inc: line 49: `}'
/usr/lib/secchk/security-daily.sh: line 64: check_for_globally_exported_fs: command not found
/usr/lib/secchk/security-daily.sh: line 70: list_loaded_kernel_modules: command not found
/usr/lib/secchk/security-daily.sh: line 73: nfs_mounted_with_missing_nosuid: command not found
/usr/lib/secchk/security-daily.sh: line 76: display_programs_with_bound_sockets: command not found
/usr/lib/secchk/security-control.sh: line 52: send_daily_changes: command not found
Is anybody aware of this?
Thanks!
Markus
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org
All,
The below SR is for a new-to-OBS password recovery tool (LaZagne).
From what I've seen all it does is look for plain text passwords that
the user has visibility to if they knew where to look and present
them. I have not done a code review, but I did run it to see what it
found.
In the case of running it as root, it is not looking in /home/* for
passwords, just /etc and /root
I know hacking tools are not allowed on OBS, but I argue this is more
of an auditing tool in that it lets users know what plain text
passwords they have on their system.
I can accept it into security:forensics (which is where it was
submitted), but I'd appreciate your feedback as to the appropriateness
of this package in security:forensics and/or factory before I do that.
Per the website
(http://www.kitploit.com/2015/02/the-lazagne-project-recover-most-common.html)
LaZagne can recover passwords from:
====
browsers - firefox, opera
chats - pidgin, jitsi
mails - thunderbird
adminsys - filezilla, environment variables
database - sqldeveloper, squirrel, dbvisualizer
wifi - network manager
wallet - gnome keyring
====
Summary: With openSUSE 13.2 LaZagne was able to retrieve some passwords
for filezilla and wireless lans, but the passwords were being stored
in plain text.
Thanks
Greg
---------- Forwarded message ----------
From: Luigi Baldoni <aloisio(a)gmx.com>
Date: Wed, Jun 10, 2015 at 3:06 AM
Subject: Request 311390 created by alois (submit security:forensics/LaZagne)
To: Greg Freemyer <Greg.Freemyer(a)gmail.com>, Marcus Meissner <meissner(a)suse.com>
Visit https://build.opensuse.org/request/show/311390
Description:
Retrieves credentials stored locally.
Actions:
- submit home:alois:branches:security:forensics/LaZagne =>
security:forensics/LaZagne
changes files:
--------------
++++++ new changes file:
--- LaZagne.changes
+++ LaZagne.changes
@@ -0,0 +1,17 @@
+-------------------------------------------------------------------
+Fri Jun 5 07:37:17 UTC 2015 - aloisio(a)gmx.com
+
+- Update to version 0.71:
+ * Wifi password module from WPA Supplicant implemented (by rpesche)
+
+-------------------------------------------------------------------
+Sat May 30 12:01:35 UTC 2015 - aloisio(a)gmx.com
+
+- Update to version 0.7:
+ * Fix mozilla bug (special characters were not printed)
+
+-------------------------------------------------------------------
+Wed May 27 11:50:21 UTC 2015 - aloisio(a)gmx.com
+
+- Initial version 0.6
+
new:
----
LaZagne-0.71.tar.bz2
LaZagne.changes
LaZagne.spec
spec files:
-----------
++++++ new spec file:
--- LaZagne.spec
+++ LaZagne.spec
@@ -0,0 +1,74 @@
+#
+# spec file for package LaZagne
+#
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+Name: LaZagne
+Version: 0.71
+Release: 0
+Summary: Python tool to decode locally stored passwords
+License: GPL-3.0
+Group: Development/Languages/Python
+Url: https://github.com/AlessandroZ/LaZagne
+Source0: %{name}-%{version}.tar.bz2
+BuildRequires: fdupes
+BuildRequires: python-devel
+Requires: dbus-1-python
+Requires: python-argparse
+Requires: python-kde4
+Requires: python-pyasn1
+Requires: python-pycrypto
+BuildArch: noarch
+
+%description
+LaZagne is an open source tool to retrieve and decode
+credentials stored on your computer.
+
+%prep
+%setup -q
+
+%build
+
+%install
+pushd Linux/src
+mkdir -p %{buildroot}%{python_sitelib}/%{name}
+sed -e 's|^# !/|#!/|' -i LaZagne.py
+cp LaZagne.py* %{buildroot}%{python_sitelib}/%{name}
+cp -a config %{buildroot}%{python_sitelib}/%{name}
+cp -a softwares %{buildroot}%{python_sitelib}/%{name}
+popd
+
+pushd %{buildroot}%{python_sitelib}/%{name}/
+%py_compile .
+popd
+
+mkdir -p %{buildroot}%{_bindir}
+pushd %{buildroot}%{_bindir}
+ln -s %{python_sitelib}/%{name}/%{name}.py .
+chmod +x %{buildroot}%{python_sitelib}/%{name}/%{name}.py
+popd
+
+%fdupes -s %{buildroot}
+
+%files
+%defattr(-,root,root)
+%doc CHANGELOG LICENSE README.md
+%dir %{python_sitelib}/%{name}
+%{_bindir}/%{name}.py
+%{python_sitelib}/%{name}/%{name}.py*
+%{python_sitelib}/%{name}/config
+%{python_sitelib}/%{name}/softwares
+
+%changelog
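Review bot: Source0 in the preamble is a bare file name (`%{name}-%{version}.tar.bz2`), so the spec does not record where LaZagne-0.71.tar.bz2 was fetched from and the tarball cannot be compared with the upstream named in Url; for a tool that reads stored credentials, give the full download URL or add a comment describing how the tarball was produced. Two smaller points in the same preamble: Group is Development/Languages/Python although Summary and %description describe a password-recovery utility rather than a library, and the hard Requires on python-kde4 pulls a KDE binding into every install of what %install sets up as a single command-line script, so it is worth checking whether that dependency can be made optional.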
other changes:
--------------
++++++ LaZagne-0.71.tar.bz2 (new)
To REVIEW against the previous version:
osc request show --diff 311390
To ACCEPT the request:
osc request accept 311390 --message="reviewed ok."
To DECLINE the request:
osc request decline 311390 --message="declined for reason xyz (see
... for background / policy / ...)."
To REVOKE the request:
osc request revoke 311390 --message="retracted because ..., sorry /
thx / see better version ..."
--
Configure notifications at https://build.opensuse.org/user/notifications
openSUSE Build Service (https://build.opensuse.org/)
YaST2-Security, the YaST module to configure local security settings, is
aging. There is a quite deep analysis about the problems here
https://docs.google.com/document/d/1BFVou4YrRoc4vPCkofs-Qo2C9b-lWIbuMBiGk3O…
The plan described in the document is a mid-term goal. In the short term
(next week), the goal is to do less disruptive changes. To be concrete,
just:
- Remove any reference to runlevels
- Update the list of security settings (currently "home
workstation", "networked workstation" and "network server")
- Update the list of mandatory services (it will still be independent
of the security setting for the time being)
- Update the list of extra allowed services (same as above)
We are already working with the following lists, feedback is highly
appreciated.
New list of security settings:
- Workstation
- Server
New list of mandatory services:
- systemd
- systemd-journald
- systemd-dmevented
- systemd-udevd
- systemd-logind
- dbus-daemon
- rsyslogd
- polkitd
- cron
- SuSEfirewall
- auditd
New list of extra (harmless) services:
- wickedd
- nscd
- postfix
- ntpd
- sshd
- haveged
Anything you miss? Anything you think should not be there?
Thanks.
--
Ancor González Sosa
YaST Team at SUSE Linux GmbH
On 06/11/2015 11:26 AM, Yamaban wrote:
> Comments inserted, personal IMHO.
>
> On Thu, 11 Jun 2015 10:47, Ancor Gonzalez Sosa wrote:
>>
>> YaST2-Security, the YaST module to configure local security settings, is
>> aging. There is a quite deep analysis about the problems here
>> https://docs.google.com/document/d/1BFVou4YrRoc4vPCkofs-Qo2C9b-lWIbuMBiGk3O…
>>
>>
>> The plan described in the document is a mid-term goal. In the short term
>> (next week), the goal is to do less disruptive changes. To be concrete,
>> just:
>>
>> - Remove any reference to runlevels
> First step: replace runlevels with the corresponding systemd *.target,
> afterwards think about removal, where it makes sense.
To be honest, I find it much cheaper, more coherent and a lot less confusing to
only analyze the current target.
>> - Update the list of security settings (currently "home
>> workstation", "networked workstation" and "network server")
> Giving examples like "private network with internet (home)",
> "public network (guest / public wifi, cell-mobile)", "providing
> services to others (server)" would be much more clear and helpful.
The full descriptions of the old settings (clearly outdated nowadays)
are in the help of the module and in one screenshot in the document
referenced at the beginning of my mail.
>> - Update the list of mandatory services (it will still be independent
>> of the security setting for the time being)
>> - Update the list of extra allowed services (same as above)
>>
>> We are already working with the following lists, feedback is highly
>> appreciated.
>>
>> New list of security settings:
>> - Workstation
>> - Server
> Missing : roaming mobile (laptop, tablet)
Good point.
>> New list of mandatory services:
>> - systemd
>> - systemd-journald
>> - systemd-dmevented
> Really, for every one? Many of the systems under my care are better off
> without any dm* stuff, better move that to extra.
>
>> - systemd-udevd
>> - systemd-logind
>> - dbus-daemon
>> - rsyslogd
> Urgs, either generic syslog(rsyslogd,syslogd-ng,journald-only),
> or all of them selective (radio-button)
We actually have the ability to specify a list of equivalent services,
but this only makes obvious the inability of Yast2-Journal to manage
systemd aliases. I will try to implement proper management of aliases,
so specifying "syslog" is enough for the module to figure out that
rsyslogd is also ok.
>> - polkitd
>> - cron
> Eh?, and what about handling systemd-timer stuff, that more and more
> replaces cron, as well as which implementation of cron
> (anacron,crony,dcron,fcron,vixie-cron,etc)?
To some extent, more work for the to-be-implemented aliases handling. :-)
>> - SuSEfirewall
> give hints to other firewalls (firewalld, shorewall, etc) and ipv6
> handling (its ugly in SuSEfirewall)
>
>> - auditd
> Well, dunno. AppArmor seems more relevant to security than auditd, IMHO
>>
>> New list of extra (harmless) services:
>> - wickedd
>> - nscd
>> - postfix
>> - ntpd
>> - sshd
>> - haveged
> place auditd here, and if not above, AppArmor also here,
> also needed here: modem-manager, network-manager
>
>> Anything you miss? Anything you think should not be there?
>>
>> Thanks.
> Thanks for starting this thread, it is needed work.
Thanks for the feedback.
--
Ancor González Sosa
YaST Team at SUSE Linux GmbH
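
The equivalence-group idea discussed in this thread (a "syslog" entry that rsyslogd or another syslog daemon can satisfy), as an added example that is not part of the original mails and is not YaST code. The service names are the lists proposed above; the alias group, `audit_services` and the sample list of running services are constructed for illustration.

```ruby
# Added illustration, not YaST code. Service names are the lists proposed in
# this thread; the alias group and SAMPLE_RUNNING are constructed assumptions.
require "set"

# Each mandatory entry is a group of equivalent services: one running member
# satisfies the whole group (the "aliases" handling discussed above).
MANDATORY = [
  %w[systemd], %w[systemd-journald], %w[systemd-dmevented], %w[systemd-udevd],
  %w[systemd-logind], %w[dbus-daemon],
  %w[rsyslogd syslog-ng],            # hypothetical "syslog" alias group
  %w[polkitd], %w[cron], %w[SuSEfirewall], %w[auditd]
].freeze

EXTRA_ALLOWED = %w[wickedd nscd postfix ntpd sshd haveged].to_set.freeze

# Compare the running services against both lists.
# Returns the unsatisfied mandatory groups and the services on neither list.
def audit_services(running)
  running = running.to_set
  missing = MANDATORY.reject { |group| group.any? { |svc| running.include?(svc) } }
                     .map { |group| group.join("|") }
  known = MANDATORY.flatten.to_set | EXTRA_ALLOWED
  { missing: missing, unexpected: (running - known).to_a.sort }
end

# Constructed sample: syslog-ng instead of rsyslogd, no auditd, cupsd on no list.
SAMPLE_RUNNING = %w[
  systemd systemd-journald systemd-dmevented systemd-udevd systemd-logind
  dbus-daemon syslog-ng polkitd cron SuSEfirewall sshd cupsd
].freeze

if __FILE__ == $PROGRAM_NAME
  report = audit_services(SAMPLE_RUNNING)
  puts "missing mandatory: #{report[:missing].join(', ')}"
  puts "not on any list:   #{report[:unexpected].join(', ')}"
end
```
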
Just a reminder to folk who've done interesting things in Linux security
this year, the CFP for LSS 2015 is open until this Friday, 5th June.
See the following link for details:
http://kernsec.org/wiki/index.php/Linux_Security_Summit_2015
This is not just for kernel developers, or even developers -- any
interesting/novel application of Linux security or research is welcome.
We're also looking for round-table discussion topics, and people to lead
those discussions.
Get your proposals in soon!
- James
--
James Morris
<jmorris(a)namei.org>