You are not logged in.

#1 2017-09-25 06:56:47

Physicist1616
Member
Registered: 2015-02-16
Posts: 32

Oops, typed password in place of username

Evening all, I made a newb mistake:

I typed my password instead of my username.  This means my password is visible in journalctl. 

How can I mask the password in the log (or simply edit the log) with it not being a text file?  I'd consider just opening the bin in a text editor, but does that possibly screw with the data in the log when I save it?

Offline

#2 2017-09-25 07:07:31

dockland
Member
From: Sweden
Registered: 2015-06-06
Posts: 861

Re: Oops, typed password in place of username

Change password?


I possess a device, in my pocket, that is capable of accessing the entirety of information known to man.
I use it to look at funny pictures of cats and to argue with strangers.

Offline

#3 2017-09-25 08:30:18

Physicist1616
Member
Registered: 2015-02-16
Posts: 32

Re: Oops, typed password in place of username

It's a good password and no one has access to my logs at the moment, so I'd like to keep it.  This is more of a 'principle of the thing'. 

With a more complicated system of multiple admins and users, I'd hate for someone to get a non-admin postgres-or-other user shell and thus get access to logs to read admin passwords in unprotected log files.

I think there ought to be a button one (properly authenticated, or an administrator) can click to automatically purge a username from a log.  I'd love to script one for myself, I just need to know the "proper" way to edit the log or (if more proper) restrict access to it.

Offline

#4 2017-09-25 09:42:13

Omar007
Member
Registered: 2015-04-09
Posts: 368

Re: Oops, typed password in place of username

If you don't mind just wiping everything up to and including that point in time, you could just do a `journalctl --vacuum-time=...`.
(where ... = the amount of time between now and the time of the password in the log)

Aside from cleaning up the logs, I'm not really aware of any way to manipulate the logs (not to mention that being able to easily manipulate logs would be a bit of a problem in itself..)

Last edited by Omar007 (2017-09-25 09:42:39)

Offline

#5 2017-09-25 10:45:32

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: Oops, typed password in place of username

The system journal as supplied by the systemd package should only be readable by root and members of the groups systemd-journal,adm and wheel.

Offline

#6 2017-09-25 12:19:21

mrunion
Member
From: Jonesborough, TN
Registered: 2007-01-26
Posts: 1,938
Website

Re: Oops, typed password in place of username

Change the password like @dockland said. You're concerned enough about safety to want no one to see the password, yet not concerned enough to change it? Seems illogical to me.

Wipe the journal as instructed and change the password.

Last edited by mrunion (2017-09-25 12:19:39)


Matt

"It is very difficult to educate the educated."

Offline

#7 2017-09-25 12:25:01

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: Oops, typed password in place of username

Just cleaning out the journal sounds good to me.  I'm not sure where all this push to change the password is coming from.  The OP is confident that since the time he's entered the password as a username, no one has had access to the journal - this would be the case for any single user (or even single-journal-access) system.  The reasonable concern would be if the password is just left there, at some time in the future the OP might share journal entries: e.g., in support threads we frequently ask for journalctl output, and it is generally considered safe to share it.

At the moment it would not be wise for the OP to share his journalctl output publicly.  As long as he avoids doing so, there is no need to change the password.  But to avoid accidentally doing so in the future, it would be wise to remove the password from the journal.  The vaccuum option sounds best to me.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#8 2017-09-25 12:33:10

hcjl
Member
From: berlin
Registered: 2007-06-29
Posts: 330

Re: Oops, typed password in place of username

You should check as well, if your password was stored in your shell history, e.g. .bash_history.

Last edited by hcjl (2017-09-25 12:33:23)

Offline

#9 2017-09-25 12:57:37

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: Oops, typed password in place of username

A failed login doesn't start a shell, so there's no shell history to look into.  Even a successful login doesn't get entered into a shell history.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#10 2017-09-25 13:08:11

hcjl
Member
From: berlin
Registered: 2007-06-29
Posts: 330

Re: Oops, typed password in place of username

For me it wasn't 100% clear, where he typed it in. Regarding login you are right.

Last edited by hcjl (2017-09-25 13:27:20)

Offline

Board footer

Powered by FluxBB