Server Info (please complete the following information):
OS: Ubuntu 20.04.4 LTS
Browser: Firefox 103.0.2 (64-bit)
RMM Version (as shown in top left of web UI): v0.15.0
Installation Method:
Standard
Docker
Agent Info (please complete the following information):
Agent version (as shown in the 'Summary' tab of the agent from web UI): N/A
Agent OS: N/A
Describe the bug
Line 171 of the install.sh script changes permissions of /etc/letsencrypt to allow everyone read access to the rmm/api/mesh certs and key PEM files. Anyone that has access to the TRMM server has access to the certs. This is insecure.
The update.sh has the same command.
To Reproduce
Steps to reproduce the behavior:
cd /etc/letsencrypt/keys
ls -la
o=rx permissions.
Expected behavior
The TLS keys should be readable only by the necessary processes. They should never be world readable.
Screenshots
N/A
Additional context
I'm reporting here because an attacker would need to gain access to the server and redirect DNS. This is extremely unlikely.
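An added example, not part of the original issue or the project's code: a shell audit for the condition described under "Expected behavior". It reports private keys that "other" can both reach and read, then revokes that access; the function names and the sample tree are constructed for illustration.

```shell
# Added example, not from the issue or the project. A private key counts as
# exposed when the file is o+r AND every directory from it up to the audited
# root is o+x, so an unrelated local account can traverse to it and read it.

# True when path $1 grants "other" the permission letter $2 (r or x).
other_has() {
    [ -n "$(find "$1" -prune -perm "-o=$2" 2>/dev/null)" ]
}

# True when every directory between file $2 and root $1 (inclusive) is o+x.
reachable_by_other() {
    local root=$1 dir
    dir=$(dirname "$2")
    while other_has "$dir" x; do
        case $dir in "$root"|/|.) return 0 ;; esac
        dir=$(dirname "$dir")
    done
    return 1
}

# Print every exposed private key under directory $1, one path per line.
exposed_keys() {
    local root=${1%/} f
    find "$root" -type f -perm -o=r | while IFS= read -r f; do
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        if reachable_by_other "$root" "$f"; then printf '%s\n' "$f"; fi
    done
}

# Drop all "other" access below $1; owner and group bits are left unchanged.
revoke_other() {
    chmod -R o-rwx "$1"
}

# Constructed sample tree: placeholder PEM markers only, no real key material.
make_sample() {
    local t d
    t=$(mktemp -d)
    mkdir -p "$t/open/keys" "$t/closed/keys"
    for d in open closed; do
        printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
            '-----END PRIVATE KEY-----' > "$t/$d/keys/privkey.pem"
    done
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$t/open/cert.pem"
    chmod 755 "$t" "$t/open" "$t/open/keys" "$t/closed/keys"
    chmod 644 "$t/open/keys/privkey.pem" "$t/open/cert.pem" "$t/closed/keys/privkey.pem"
    chmod 700 "$t/closed"
    printf '%s\n' "$t"
}
```

Run `exposed_keys /etc/letsencrypt` as root to audit the directory named in the report. After `revoke_other`, any service that was reading the keys through "other" access needs owner or group access instead.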