This document describes security related issues administrators need to be aware of when using Machinery.
Machinery inspects several parts of a system which are covered by Machinery's scopes. Information about scopes is listed here.
Users of Machinery who inspect systems need to be aware of the security implications to take the right decisions on how to protect the retrieved data.
Retrieval of Data
Machinery transfers data from one end point to another via SSH (Secure Shell, using public key authentication).
Depending on the scope, Machinery collects information
about files on the system. Additionally, when the
--extract-files option is given for the
inspect command, not only the meta data about the files (e.g. permission bits, owner, group etc
.) but also the file content is extracted. Machinery does not distinguish between sensitive
data (such as private keys or password files). That means that everyone with access to the system
description has automatically access to all extracted files and contained sensitive data.
An inspection can only be done, when the user on the inspected system is either root or has sudo privileges. Information about the required sudo configuration can be found here.
Storage of Data
After an inspection has been completed, the directory where the description is stored is made readable only for the user. The data is not encrypted by Machinery.
Used Permission Bits
When Machinery extracts data, it sets permission bits for files and directories as follows:
|Permission Bits||Used for ...|
|0700||... directories inside the description directory|
|0600||... for files inside the description directory|
Accessing System Descriptions
By default, all system descriptions are stored in the directory
.machinery in the home directory
of the user running Machinery. The directory can be redefined by the environment variable
$MACHINERY_DIR. Each description has its own subdirectory. There is a
manifest.json file in
each description directory which contains the data of the inspection. Extracted files are stored in
separate subdirectories inside the same description directory.
Presentation of Data
There are several ways how data can be presented to one or more users. The user has the option to either start a web server and view descriptions or view the descriptions only in the console.
The following commands are used to present data to users:
All of the commands listed above also have a
--html option. When this option is used, Machinery
starts a web server what will listen on the IP address
offers also a
--public option which makes the server listen on all configured IP addresses.
WARNING: When making the server reachable from the outside, users can modify the link to access also other descriptions. There is currently no way to restrict the access to only one description.
serve command also allows the user to specify a port via the
--port option. When no port
is specified, the default port which is configured in the machinery config file in
~/.machinery/machinery.config) will be taken.
Export of Data
export-autoyast command creates an AutoYaST profile for an automated installation. This will result
in tar balls containing the extracted files from the system description. These files
potentially contain sensitive data (e.g. passwords). This fact needs to be kept in mind, especially
if these files are copied to a web server for an AutoYaST installation via HTTP.
The program kiwi allows you to build OS images for deployment. Machinery gives
you the opportunity to export a KIWI description. This description can be used to build an image via Kiwi.
export-kiwi command creates a directory, where it stores the Kiwi configuration and the files
of a system description. These files potentially contain sensitive data (e.g. passwords).
The created image potentially contains sensitive data (e.g. passwords) from extracted files.
The uploaded image potentially contains sensitive data (e.g. passwords) from extracted files.