Bug #22283
Status: closed
ceph-volume - sudo logs commands to journal/syslog, incl. auth key
% Done: 0%
Regression: No
Severity: 2 - major
Description
As a side effect of running commands as sudo (#22282), all commands are logged to journal/syslog; this includes the auth key of the OSD.
Nov 30 14:11:24 sumi2 sudo[10587]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/ceph-osd --cluster ceph --osd-objectstore bluestore --mkfs -i 15 --monmap /var/lib/ceph/osd/ceph-15/activate.monmap --key AQB7AyBa+2NjIhAAVN3xoje5foheGHKVZG+qfQ== --osd-data /var/lib/ceph/osd/ceph-15/ --osd-uuid 43e7b38b-80e7-47db-b64a-079ae4a39dd1 --setuser ceph --setgroup ceph
Nov 30 14:11:26 sumi2 sudo[10724]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/systemctl start ceph-osd@15
Nov 30 14:11:26 sumi2 ceph-osd[10755]: starting osd.15 at - osd_data /var/lib/ceph/osd/ceph-15 /var/lib/ceph/osd/ceph-15/journal
Nov 30 14:11:27 sumi2 ceph-osd[10755]: 2017-11-30 14:11:27.167604 7f57921d0e00 -1 osd.15 0 log_to_monitors {default=true}
Nov 30 14:11:28 sumi2 ceph-osd[10755]: 2017-11-30 14:11:28.235797 7f57795fb700 -1 osd.15 0 waiting for initial osdmap
Nov 30 14:16:19 sumi2 sudo[12557]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/ceph-osd --cluster ceph --osd-objectstore bluestore --mkfs -i 17 --monmap /var/lib/ceph/osd/ceph-17/activate.monmap --key AQCiBCBaGE06ExAAIWpHOgpAjhQneHdqhNEfyA== --osd-data /var/lib/ceph/osd/ceph-17/ --osd-uuid d0e1b24a-f780-4b74-b456-fc6d37236c6d --setuser ceph --setgroup ceph
Nov 30 14:16:21 sumi2 sudo[12692]: root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/bin/systemctl start ceph-osd@17
Nov 30 14:16:21 sumi2 ceph-osd[12700]: starting osd.17 at - osd_data /var/lib/ceph/osd/ceph-17 /var/lib/ceph/osd/ceph-17/journal
Nov 30 14:16:21 sumi2 ceph-osd[12700]: 2017-11-30 14:16:21.932381 7f5622572e00 -1 osd.17 0 log_to_monitors {default=true}
Nov 30 14:16:23 sumi2 ceph-osd[12700]: 2017-11-30 14:16:23.006502 7f560999d700 -1 osd.17 0 waiting for initial osdmap
As those log files are often transmitted off server, the auth key will also be exposed to a wider audience.
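An added example, not part of the original report or of Ceph's code: a scanner for the exposure described above that flags sudo `COMMAND=` entries carrying a `--key` argument and emits a redacted copy of the log. The names `scan` and `SAMPLE` are hypothetical, and the sample lines are constructed with a placeholder key.

```python
import re

# sudo's log format as seen in the report: "... sudo[PID]: user : ... ; COMMAND=<argv>"
SUDO_RE = re.compile(r"^(?P<prefix>.*?\ssudo\[(?P<pid>\d+)\]:.*?COMMAND=)(?P<cmd>.*)$")
# Secret-bearing option from the report (--key VALUE or --key=VALUE).
KEY_RE = re.compile(r"(--key[ =])(\S+)")
# OSD id as passed to ceph-osd in the report (-i N).
OSD_ID_RE = re.compile(r"(?:^|\s)-i\s+(\d+)")


def scan(lines):
    """Return (findings, redacted_lines) for an iterable of syslog lines."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, 1):
        m = SUDO_RE.match(line)
        if not m or not KEY_RE.search(m["cmd"]):
            redacted.append(line)  # not a sudo entry, or no key on the command line
            continue
        osd = OSD_ID_RE.search(m["cmd"])
        findings.append({
            "line": lineno,
            "sudo_pid": int(m["pid"]),
            "osd_id": int(osd.group(1)) if osd else None,
        })
        # Keep the option name so the redacted log still shows what happened.
        redacted.append(m["prefix"] + KEY_RE.sub(r"\1<redacted>", m["cmd"]))
    return findings, redacted


# Constructed sample input (placeholder key, not a real cephx key).
SAMPLE = [
    "Jan 01 00:00:01 host1 sudo[100]: root : TTY=pts/0 ; PWD=/root ; USER=root ; "
    "COMMAND=/usr/bin/ceph-osd --cluster ceph --mkfs -i 3 --key PLACEHOLDERKEY== "
    "--osd-data /var/lib/ceph/osd/ceph-3/ --setuser ceph --setgroup ceph",
    "Jan 01 00:00:02 host1 sudo[101]: root : TTY=pts/0 ; PWD=/root ; USER=root ; "
    "COMMAND=/bin/systemctl start ceph-osd@3",
    "Jan 01 00:00:03 host1 ceph-osd[102]: starting osd.3 at - osd_data /var/lib/ceph/osd/ceph-3",
]

if __name__ == "__main__":
    hits, clean = scan(SAMPLE)
    for h in hits:
        print(f"line {h['line']}: sudo[{h['sudo_pid']}] logged --key for osd.{h['osd_id']}")
    print("\n".join(clean))
```

The findings list identifies which OSD ids had a key written to the log, which is the set of keys to treat as exposed wherever those logs were forwarded.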
Updated by Alfredo Deza over 6 years ago
We can safely remove all `sudo` additions to commands because we are already making sure that super user privileges are checked on commands that need them.
Updated by Kefu Chai over 6 years ago
- Status changed from 12 to Resolved