mirror of
https://github.com/GameServerManagers/LinuxGSM.git
synced 2026-04-25 14:15:59 +03:00
[GH-ISSUE #1308] Random generation of Rcon password can fail #1012
Labels
No labels
Atomic
Epic
cannot reproduce
command: backup
command: console
command: debug
command: details
command: fast-dl
command: install
command: mods
command: monitor
command: post-details
command: restart
command: send
command: start
command: stop
command: update
command: update-lgsm
command: validate
command: wipe
distro: AlmaLinux
distro: Arch Linux
distro: CentOS
distro: Debian
distro: Fedora
distro: RedHat
distro: Rocky Linux
distro: Ubuntu
distro: openSUSE
engine: goldsrc
engine: source
game: 7 Days to Die
game: ARMA 3
game: Ark: Survival Evolved
game: Assetto Corsa
game: Avorion
game: BATTALION: Legacy
game: Barotrauma
game: Battalion 1944
game: Battlefield 1942
game: Black Mesa: Deathmatch
game: Blade Symphony
game: Call of Duty 2
game: Call of Duty 4
game: Call of Duty: United Offensive
game: Counter-Strike 1.6
game: Counter-Strike 2
game: Counter-Strike: Global Offensive
game: Counter-Strike: Source
game: Day of Infamy
game: Dayz
game: Death Match Classic
game: Don't Starve Together
game: ET: Legacy
game: Eco
game: Factorio
game: Factorio
game: Garry's Mod
game: Half-Life
game: Hurtword
game: Insurgecy
game: Insurgecy
game: Insurgency: Sandstorm
game: Just Cause 3
game: Killing Floor
game: Killing Floor 2
game: Left 4 Dead 2
game: Minecraft
game: Minecraft Bedrock
game: Mordhau
game: Multi Theft Auto
game: Mumble
game: Natural Selection 2
game: No More Room in Hell
game: Pavlov VR
game: Post Scriptum
game: Project Zomboid
game: Quake 3
game: QuakeWorld
game: Red Orchestra: Ostfront 41-45
game: Return to Castle Wolfenstein
game: Rising World
game: Rust
game: San Andreas Multiplayer
game: Satisfactory
game: Soldat
game: Soldier of Fortune 2
game: Squad
game: Squad 44
game: Starbound
game: Stationeers
game: Sven Co-op
game: Team Fortress 2
game: Teamspeak 3
game: Teeworlds
game: Terraria
game: The Front
game: Unreal Tournament 2004
game: Unreal Tournament 3
game: Unreal Tournament 99
game: Unturned
game: Valheim
game: Wurm Unlimited
game: Zombie Master Reborn
game: label missing
good first issue
help wanted
info: alerts
info: dependency
info: docker
info: docs
info: email
info: query
info: steamcmd
info: systemd
info: tmux
info: website
info: website
needs more info
outcome: duplicate
outcome: issue resolved
outcome: issue resolved
outcome: issue unresolved
outcome: pr accepted
outcome: pr rejected
outcome: unconfirmed
outcome: wontfix
outcome: wrong forum
potential-duplicate
priority
pull-request
type: bug
type: feature
type: feature
type: feature request
type: game server request
type: refactor
waiting response
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/LinuxGSM#1012
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @RaitoBezarius on GitHub (Feb 9, 2017).
Original GitHub issue: https://github.com/GameServerManagers/LinuxGSM/issues/1308
Originally assigned to: @marvinlehmann, @dgibbs64, @Scarsz, @UltimateByte, @cedarlug on GitHub.
Using Ansible to provision a machine under CentOS 7.0 with LinuxGSM and CS:GO in particular (here is the used playbook).
I found out that
auto-installwill hang even when it has finished downloading the serverfiles.Whereas, when typing the very same command over SSH manually, the
auto-installcompletes immediately.After long session of
strace-ing the bash script, the culprit was the following line ofinstall_config.sh(L54).It seemed that execution of these processes was so fast, that it would break the pipe and cause the
grepcommand to fail withgrep: write error, eventually hanging the bash process.An easy fix is to, just, plainly remove the random generation, and put a dummy string.
After that, Ansible is able to complete the playbook and the provisioning.
I think that random generation of Rcon password must be rewritten, or, that
auto-installoffer more choice to the configuration (I'd prefer, if possible, to handle the Rcon password myself rather than getting an elegant choice for your everyone user.)As a workaround, what I do: run
auto-installsufficiently long forinstall_config.shto appear.Monkey-patch it with
sedand re-runauto-installnormally.@UltimateByte commented on GitHub (Feb 9, 2017):
Thanks for reporting.
Well, this is not a fix, this is just removing the feature.
What happens on the given machine if you run the specified line itself?
random=$(strings /dev/urandom | grep -o '[[:alnum:]]' | head -n 8 | tr -d '\n'; echo); echo $randomIt's true however that the config var settings lack some checks to be "failproof".
https://github.com/GameServerManagers/LinuxGSM/blob/master/lgsm/functions/install_config.sh#L52-L70
@RaitoBezarius commented on GitHub (Feb 9, 2017):
Thank you for your answer. As I said:
It implies that this line:
is also executed well.
Also, I tried separately and it returned to me a random string as expected.
Right, I just believe that the
auto-installprocess could let an option to opt-out of this automatic generation, as advanced users may prefer to not rely on it.@dgibbs64 commented on GitHub (Feb 9, 2017):
I don't think getting rid of the random rcon password generation is a good option or having it as an optional (as it opens a can of worms for me). However finding the cause of the issue and fixing it is. There may be other options for random password generation that wont cause this issue.
@UltimateByte commented on GitHub (Feb 9, 2017):
I just crashed my bash session with
strings /dev/urandom | grep -o '[[:alnum:]]'WTF 😆 It's hanging and i can't even click on it anymore, my mice pointer is stuck as the window resize cursor when i point over it. And i can reproduce this weird behavior.
Yeah, seems this function is not very clean. :o))
@RaitoBezarius commented on GitHub (Feb 9, 2017):
Well, if what we want is a random token,
openssl rand -base64 12could be sufficient, assumingopensslas a dependency (which is relatively okay, I believe).@UltimateByte commented on GitHub (Feb 9, 2017):
Well, the less we add dependencies, the better.
Found a nice one that we could work with:
date | md5sum@RaitoBezarius commented on GitHub (Feb 9, 2017):
@UltimateByte Yes, but it's not really randomly "secure".
If I could know the timezone of the server and the creation date of the server, then, I could get the random token, though, I don't know how much security do you need.
@UltimateByte commented on GitHub (Feb 9, 2017):
Would require you to know the exact second the command was ran.
For an RCON password it's not too bad.
There are many ways to generate random numbers though. I'll try to find a funny and efficient one.
@dgibbs64 commented on GitHub (Feb 9, 2017):
I think the date option is quite clever however we only need a few characters..
Is this random enough?
date | md5sum | md5sum | md5sum | cut -c3-8@RaitoBezarius commented on GitHub (Feb 9, 2017):
Piping to
md5sumwon't change the randomness of the resulting string as long as it is deterministic.Also, piping too many commands may cause again the broken pipe problem :/.
@dgibbs64 commented on GitHub (Feb 9, 2017):
Yeah as @UltimateByte says you would need to know the exact second the command was run which is pretty unlikely. This might work well as it adds nanoseconds in to the command
date +"%T.%N" | md5sum | cut -c3-8@UltimateByte commented on GitHub (Feb 9, 2017):
uptime would be better, since load usage into it is almost impossible to track
We can mix stuff in it just for the fun.
echo "$(uptime) $(date) $(whoami)" | md5sum | cut -c1-8(echo is required otherwise commands mess up)
Edit: Mixing @dgibbs64 's trick:
echo "$(uptime) $(date +"%T.%N") $(whoami)" | md5sum | cut -c1-8@cedarlug commented on GitHub (Feb 9, 2017):
The processes in a pipe succession cannot 'execute too fast', they are serially scheduled and their 3 streams are bound or conjoined before being scheduled.
I'd like to see the raw strace. grep shouldn't give a write error unless /dev/urandom isn't available, isn't readable, or other more tangible error is present.
Personally, I've used this for random password generation which omits strings:
invoked as
genpasswdoutputs a 16-character password. Or invoked asgenpasswd 8to produce an 8-character password, etc.One issue with cropping md5sum is that you'll never get upper-case nor underscore in the output.
@cedarlug commented on GitHub (Feb 9, 2017):
Related
Related #2 - Apparently ansible doesn't like to
cat /dev/urandom.@cedarlug commented on GitHub (Feb 9, 2017):
Suggested fix, which keeps it out of the useless uses of cat awards*:
*which oddly enough doesn't appear to be a thing anymore.
@UltimateByte commented on GitHub (Feb 9, 2017):
In the worst case, my suggestion is probably random enough for the purpose.
@marvinlehmann commented on GitHub (Feb 10, 2017):
Just a note: https://github.com/GameServerManagers/LinuxGSM/blob/master/lgsm/functions/install_config.sh#L86 (could also be changed when a solution was found)
@Scarsz commented on GitHub (Feb 16, 2017):
github.com/GameServerManagers/LinuxGSM@8cf81212a2/lgsm/functions/install_config.sh (L54)would need to be changed as well, @marvinl97@UltimateByte commented on GitHub (May 31, 2017):
May the first one being available fix this soon, since this also causes trouble on regular installs as per #1453 and @Scarsz and @marvinlehmann kinda found out.
@JeroenVdb commented on GitHub (Jul 26, 2017):
I have the same problems as @RaitoBezarius when settings up an AWS CloudFormation template for LGSM.
strings /dev/urandomkeeps running on 100% CPU.@dgibbs64 commented on GitHub (Sep 21, 2017):
I have now added the fix @cedarlug suggested. Hopefully that will work :)
@lock[bot] commented on GitHub (Sep 21, 2018):
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.