Linux – How to safely store proxy passwords in system-wide Linux config files


I'm working on a VM in a university environment, where several other users also have root access. Take a config file like /etc/rhsm/rhsm.conf:

proxy_hostname =
proxy_port =
proxy_user =
proxy_password =

Now the university's proxy server requires a username and password. But I really don't want to store my own personal username and password in a file that other (trustworthy as they may be) sysadmins can and will read. Is there a solution?

In the case of Git, we're able to each have our passwords in our local directories. (Come to think of it, this technically isn't secure as anyone can read any directory, but at least other sysadmins won't accidentally bump into the password without looking for it.)

Best Answer

Plain answer: it is not possible. The root user has complete access to the server. There are tools like SELinux that could make it harder for other admins, but not impossible.

Basically there are three options:

  • Obfuscate it a little by hiding the password somewhere in your directory, i.e. run your own proxy with configuration in ~/boring/work/stuff/completely/unrelated/to/proxy/password.cfg as Steve suggested. Or convince the proxy to ask a program to get the password (or the config file) from some binary that will try to check whether it is sending the password to the proxy process. Or compile the proxy binary with the password hardcoded. There are many possibilities, but all are security through obscurity.
  • Store the password somewhere where you are the only admin or you are the only owner (some other server, flash drive, etc.) and try to convince the proxy to get the password somehow from that location.
  • Ask for a different password that would not need to be protected against other admins.

The first option would be good if you "trust" the other admins and you just want to protect the password against accidental stuff. The second one would be the "correct secure" way. And the third one would be the "correct enterprise" way.

But there is another thing that you should think of. Once the password is loaded into the proxy, a bad guy can try to get it out of the proxy. This may not seem to be such a big issue, but if the authentication process to the parent proxy uses passwords in plaintext, it may be very easy. And it could even happen by accident, with some of the other admins analyzing the network traffic for a valid reason.
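
A check that fits the situation discussed above, added here as an example and not part of the original question or answer: it reports whether a config file holds a non-empty proxy_password and whether accounts other than the owner can read it, without ever printing the value. File modes only restrict non-root accounts; as the answer says, root can read the file regardless. The function names, the `[_top]` fallback section and the sample credentials are assumptions made for this sketch.

```python
import configparser
import os
import stat
import tempfile

SECRET_KEYS = {"proxy_password"}  # key name taken from the question's rhsm.conf snippet


def audit_proxy_secret(path):
    """Report whether `path` stores a non-empty proxy password and who can read it.

    The password value itself is never returned or printed.
    """
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    # interpolation=None so a '%' inside a password is not treated as syntax.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.MissingSectionHeaderError:
        # Bare "key = value" files (like the snippet as quoted) have no [section].
        parser.read_string("[_top]\n" + text)
    hits = [
        (section, key)
        for section in parser.sections()
        for key, value in parser.items(section)
        if key in SECRET_KEYS and value.strip()
    ]
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return {
        "stored_password": hits,
        "mode": oct(mode),
        "readable_by_non_owner": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
    }


def demo():
    # Constructed sample config; host, user and password are made up.
    sample = ("[server]\nproxy_hostname = proxy.example.edu\nproxy_port = 3128\n"
              "proxy_user = jdoe\nproxy_password = not-a-real-password\n")
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o644)
    try:
        return audit_proxy_secret(fh.name)
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print(demo())
```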